Vulnerability-Lookup

CVE-2022-24675 (GCVE-0-2022-24675)

Vulnerability from cvelistv5 – Published: 2022-04-20 00:00 – Updated: 2024-08-03 04:20

Summary

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

11 references

URL	Tags
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/oec…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022091…
https://cert-portal.siemens.com/productcert/pdf/s…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
          },
          {
            "name": "FEDORA-2022-a49babed75",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
          },
          {
            "name": "FEDORA-2022-c0f780ecf1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
          },
          {
            "name": "FEDORA-2022-e46e6e8317",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
          },
          {
            "name": "FEDORA-2022-fae3ecee19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
          },
          {
            "name": "FEDORA-2022-ba365d3703",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "FEDORA-2022-30c5ed5625",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        },
        {
          "name": "FEDORA-2022-a49babed75",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
        },
        {
          "name": "FEDORA-2022-c0f780ecf1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
        },
        {
          "name": "FEDORA-2022-e46e6e8317",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
        },
        {
          "name": "FEDORA-2022-fae3ecee19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
        },
        {
          "name": "FEDORA-2022-ba365d3703",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "FEDORA-2022-30c5ed5625",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24675",
    "datePublished": "2022-04-20T00:00:00.000Z",
    "dateReserved": "2022-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:20:49.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-24675",
      "date": "2026-06-04",
      "epss": "0.00179",
      "percentile": "0.3925"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24675\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-20T10:15:07.930\",\"lastModified\":\"2024-11-21T06:50:50.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.\"},{\"lang\":\"es\",\"value\":\"encoding/pem en Go versiones anteriores a 1.17.9 y versiones 1.8.x anteriores a 1.8.1 tiene un desbordamiento de pila Decode a trav\u00e9s de una gran cantidad de datos PEM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.9\",\"matchCriteriaId\":\"2437ADD6-8C18-49F6-BF6A-EEBE68F66031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.1\",\"matchCriteriaId\":\"F786A4EC-4A24-4216-8F24-3BD4091BE741\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8E1764-2021-41E7-9CBE-6864313A74E2\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/oecdBNLOml8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220915-0010/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/oecdBNLOml8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220915-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2022:6156

Vulnerability from csaf_redhat - Published: 2022-08-24 13:45 - Updated: 2026-06-02 17:37

Summary

Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Severity

Important

Notes

Topic: Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * eventsource: Exposure of Sensitive Information (CVE-2022-1650) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771) * node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772) * node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes: https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. This vulnerability can impact data confidentiality, integrity, and availability.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2021-23566

A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-0536

A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-319 - Cleartext Transmission of Sensitive Information

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-1650

A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Important

CVE-2022-21698

A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 9 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le	—	Vendor Fix fix

Known not affected 69 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-23772

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64	—	Vendor Fix fix

Known not affected 57 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—

Threats

Impact Moderate

CVE-2022-23773

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-23806

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix

Known not affected 63 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-24675

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 39 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64	—	Vendor Fix fix

Known not affected 39 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—

Threats

Impact Moderate

CVE-2022-24771

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-24772

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-24773

A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-24785

A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix Workaround

Known not affected 75 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x	—	Workaround
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64	—	Workaround

Threats

Impact Moderate

CVE-2022-24921

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64	—	Vendor Fix fix

Known not affected 57 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—

Threats

Impact Moderate

CVE-2022-28327

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 39 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64	—	Vendor Fix fix

Known not affected 39 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—

Threats

Impact Moderate

CVE-2022-29526

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 9 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le	—	Vendor Fix fix

Known not affected 69 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-29810

A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover.

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Moderate

CVE-2022-31129

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le	—	Vendor Fix fix

Known not affected 75 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64		—
Unresolved product id: 8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x		—
Unresolved product id: 8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64		—

Threats

Impact Important

References

230 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6156	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com//documentation/en-us/re…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1937117	external
https://bugzilla.redhat.com/show_bug.cgi?id=1947482	external
https://bugzilla.redhat.com/show_bug.cgi?id=1973317	external
https://bugzilla.redhat.com/show_bug.cgi?id=1996829	external
https://bugzilla.redhat.com/show_bug.cgi?id=2004944	external
https://bugzilla.redhat.com/show_bug.cgi?id=2027724	external
https://bugzilla.redhat.com/show_bug.cgi?id=2029298	external
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://bugzilla.redhat.com/show_bug.cgi?id=2047173	external
https://bugzilla.redhat.com/show_bug.cgi?id=2050853	external
https://bugzilla.redhat.com/show_bug.cgi?id=2050897	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053259	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2056697	external
https://bugzilla.redhat.com/show_bug.cgi?id=2058211	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060487	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060790	external
https://bugzilla.redhat.com/show_bug.cgi?id=2061713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2063691	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064426	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066514	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067079	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067387	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067458	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067461	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069314	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069319	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069812	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069815	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070542	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071494	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073920	external
https://bugzilla.redhat.com/show_bug.cgi?id=2074810	external
https://bugzilla.redhat.com/show_bug.cgi?id=2075426	external
https://bugzilla.redhat.com/show_bug.cgi?id=2075581	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076457	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077242	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079866	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079873	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080279	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081680	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082028	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082078	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082497	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083074	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083441	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083953	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083993	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084041	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084201	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084503	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084546	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084565	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085351	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085357	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086675	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086983	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087078	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087107	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087237	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087675	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087732	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087755	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088359	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088380	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088506	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088587	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089296	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089397	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089552	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089567	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089786	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089795	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089797	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090278	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090314	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090953	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091487	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091638	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091641	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091894	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091951	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091998	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092143	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092220	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092349	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092372	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092400	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093266	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094179	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094853	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094856	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095155	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096209	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096414	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096509	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096513	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096823	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096937	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097216	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097287	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097305	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098121	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098261	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098536	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099265	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099581	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099609	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099646	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099660	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099724	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099965	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100326	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100352	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100946	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101139	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101380	external
https://bugzilla.redhat.com/show_bug.cgi?id=2103818	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104833	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-23440	self
https://bugzilla.redhat.com/show_bug.cgi?id=2004944	external
https://www.cve.org/CVERecord?id=CVE-2021-23440	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23440	external
https://github.com/advisories/GHSA-4jqc-8m5r-9rpr	external
https://access.redhat.com/security/cve/CVE-2021-23566	self
https://bugzilla.redhat.com/show_bug.cgi?id=2050853	external
https://www.cve.org/CVERecord?id=CVE-2021-23566	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23566	external
https://github.com/advisories/GHSA-qrpm-p2h7-hrv2	external
https://access.redhat.com/security/cve/CVE-2022-0235	self
https://bugzilla.redhat.com/show_bug.cgi?id=2044591	external
https://www.cve.org/CVERecord?id=CVE-2022-0235	external
https://nvd.nist.gov/vuln/detail/CVE-2022-0235	external
https://huntr.dev/bounties/d26ab655-38d6-48b3-be1…	external
https://access.redhat.com/security/cve/CVE-2022-0536	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053259	external
https://www.cve.org/CVERecord?id=CVE-2022-0536	external
https://nvd.nist.gov/vuln/detail/CVE-2022-0536	external
https://access.redhat.com/security/cve/CVE-2022-1650	self
https://bugzilla.redhat.com/show_bug.cgi?id=2085307	external
https://www.cve.org/CVERecord?id=CVE-2022-1650	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1650	external
https://huntr.dev/bounties/dc9e467f-be5d-4945-867…	external
https://access.redhat.com/security/cve/CVE-2022-21698	self
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://www.cve.org/CVERecord?id=CVE-2022-21698	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21698	external
https://github.com/prometheus/client_golang/secur…	external
https://access.redhat.com/security/cve/CVE-2022-23772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://www.cve.org/CVERecord?id=CVE-2022-23772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23772	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24771	self
https://bugzilla.redhat.com/show_bug.cgi?id=2067387	external
https://www.cve.org/CVERecord?id=CVE-2022-24771	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24771	external
https://github.com/digitalbazaar/forge/security/a…	external
https://access.redhat.com/security/cve/CVE-2022-24772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2067458	external
https://www.cve.org/CVERecord?id=CVE-2022-24772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24772	external
https://github.com/digitalbazaar/forge/security/a…	external
https://access.redhat.com/security/cve/CVE-2022-24773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2067461	external
https://www.cve.org/CVERecord?id=CVE-2022-24773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24773	external
https://github.com/digitalbazaar/forge/security/a…	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-29810	self
https://bugzilla.redhat.com/show_bug.cgi?id=2080279	external
https://www.cve.org/CVERecord?id=CVE-2022-29810	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29810	external
https://github.com/golang/vulndb/issues/438	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external

Acknowledgments

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)\n\n* Moment.js: Path traversal  in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6156",
        "url": "https://access.redhat.com/errata/RHSA-2022:6156"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index",
        "url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
      },
      {
        "category": "external",
        "summary": "1937117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937117"
      },
      {
        "category": "external",
        "summary": "1947482",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947482"
      },
      {
        "category": "external",
        "summary": "1973317",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973317"
      },
      {
        "category": "external",
        "summary": "1996829",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996829"
      },
      {
        "category": "external",
        "summary": "2004944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
      },
      {
        "category": "external",
        "summary": "2027724",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027724"
      },
      {
        "category": "external",
        "summary": "2029298",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029298"
      },
      {
        "category": "external",
        "summary": "2044591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
      },
      {
        "category": "external",
        "summary": "2045880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
      },
      {
        "category": "external",
        "summary": "2047173",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047173"
      },
      {
        "category": "external",
        "summary": "2050853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
      },
      {
        "category": "external",
        "summary": "2050897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050897"
      },
      {
        "category": "external",
        "summary": "2053259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "external",
        "summary": "2053532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
      },
      {
        "category": "external",
        "summary": "2053541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
      },
      {
        "category": "external",
        "summary": "2056697",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056697"
      },
      {
        "category": "external",
        "summary": "2058211",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058211"
      },
      {
        "category": "external",
        "summary": "2060487",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060487"
      },
      {
        "category": "external",
        "summary": "2060790",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060790"
      },
      {
        "category": "external",
        "summary": "2061713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061713"
      },
      {
        "category": "external",
        "summary": "2063691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063691"
      },
      {
        "category": "external",
        "summary": "2064426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064426"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2066514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066514"
      },
      {
        "category": "external",
        "summary": "2067079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067079"
      },
      {
        "category": "external",
        "summary": "2067387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
      },
      {
        "category": "external",
        "summary": "2067458",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
      },
      {
        "category": "external",
        "summary": "2067461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
      },
      {
        "category": "external",
        "summary": "2069314",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069314"
      },
      {
        "category": "external",
        "summary": "2069319",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069319"
      },
      {
        "category": "external",
        "summary": "2069812",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069812"
      },
      {
        "category": "external",
        "summary": "2069815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069815"
      },
      {
        "category": "external",
        "summary": "2070542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070542"
      },
      {
        "category": "external",
        "summary": "2071494",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071494"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2073920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073920"
      },
      {
        "category": "external",
        "summary": "2074810",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074810"
      },
      {
        "category": "external",
        "summary": "2075426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075426"
      },
      {
        "category": "external",
        "summary": "2075581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075581"
      },
      {
        "category": "external",
        "summary": "2076457",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076457"
      },
      {
        "category": "external",
        "summary": "2077242",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077242"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2079866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079866"
      },
      {
        "category": "external",
        "summary": "2079873",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079873"
      },
      {
        "category": "external",
        "summary": "2080279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
      },
      {
        "category": "external",
        "summary": "2081680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081680"
      },
      {
        "category": "external",
        "summary": "2082028",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082028"
      },
      {
        "category": "external",
        "summary": "2082078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082078"
      },
      {
        "category": "external",
        "summary": "2082497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082497"
      },
      {
        "category": "external",
        "summary": "2083074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083074"
      },
      {
        "category": "external",
        "summary": "2083441",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083441"
      },
      {
        "category": "external",
        "summary": "2083953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083953"
      },
      {
        "category": "external",
        "summary": "2083993",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083993"
      },
      {
        "category": "external",
        "summary": "2084041",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084041"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2084201",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084201"
      },
      {
        "category": "external",
        "summary": "2084503",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084503"
      },
      {
        "category": "external",
        "summary": "2084546",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084546"
      },
      {
        "category": "external",
        "summary": "2084565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084565"
      },
      {
        "category": "external",
        "summary": "2085307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
      },
      {
        "category": "external",
        "summary": "2085351",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085351"
      },
      {
        "category": "external",
        "summary": "2085357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085357"
      },
      {
        "category": "external",
        "summary": "2086557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086557"
      },
      {
        "category": "external",
        "summary": "2086675",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086675"
      },
      {
        "category": "external",
        "summary": "2086982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086982"
      },
      {
        "category": "external",
        "summary": "2086983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086983"
      },
      {
        "category": "external",
        "summary": "2087078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087078"
      },
      {
        "category": "external",
        "summary": "2087107",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087107"
      },
      {
        "category": "external",
        "summary": "2087237",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087237"
      },
      {
        "category": "external",
        "summary": "2087675",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087675"
      },
      {
        "category": "external",
        "summary": "2087732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087732"
      },
      {
        "category": "external",
        "summary": "2087755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087755"
      },
      {
        "category": "external",
        "summary": "2088359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088359"
      },
      {
        "category": "external",
        "summary": "2088380",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088380"
      },
      {
        "category": "external",
        "summary": "2088506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088506"
      },
      {
        "category": "external",
        "summary": "2088587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088587"
      },
      {
        "category": "external",
        "summary": "2089296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089296"
      },
      {
        "category": "external",
        "summary": "2089342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089342"
      },
      {
        "category": "external",
        "summary": "2089397",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089397"
      },
      {
        "category": "external",
        "summary": "2089552",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089552"
      },
      {
        "category": "external",
        "summary": "2089567",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089567"
      },
      {
        "category": "external",
        "summary": "2089786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089786"
      },
      {
        "category": "external",
        "summary": "2089795",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089795"
      },
      {
        "category": "external",
        "summary": "2089797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089797"
      },
      {
        "category": "external",
        "summary": "2090278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090278"
      },
      {
        "category": "external",
        "summary": "2090314",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090314"
      },
      {
        "category": "external",
        "summary": "2090953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090953"
      },
      {
        "category": "external",
        "summary": "2091487",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091487"
      },
      {
        "category": "external",
        "summary": "2091638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091638"
      },
      {
        "category": "external",
        "summary": "2091641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091641"
      },
      {
        "category": "external",
        "summary": "2091681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091681"
      },
      {
        "category": "external",
        "summary": "2091894",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091894"
      },
      {
        "category": "external",
        "summary": "2091951",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091951"
      },
      {
        "category": "external",
        "summary": "2091998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091998"
      },
      {
        "category": "external",
        "summary": "2092143",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092143"
      },
      {
        "category": "external",
        "summary": "2092217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092217"
      },
      {
        "category": "external",
        "summary": "2092220",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092220"
      },
      {
        "category": "external",
        "summary": "2092349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092349"
      },
      {
        "category": "external",
        "summary": "2092372",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092372"
      },
      {
        "category": "external",
        "summary": "2092400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092400"
      },
      {
        "category": "external",
        "summary": "2093266",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093266"
      },
      {
        "category": "external",
        "summary": "2093848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093848"
      },
      {
        "category": "external",
        "summary": "2094179",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094179"
      },
      {
        "category": "external",
        "summary": "2094853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094853"
      },
      {
        "category": "external",
        "summary": "2094856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094856"
      },
      {
        "category": "external",
        "summary": "2095155",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095155"
      },
      {
        "category": "external",
        "summary": "2096209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096209"
      },
      {
        "category": "external",
        "summary": "2096414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096414"
      },
      {
        "category": "external",
        "summary": "2096509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096509"
      },
      {
        "category": "external",
        "summary": "2096513",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096513"
      },
      {
        "category": "external",
        "summary": "2096823",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096823"
      },
      {
        "category": "external",
        "summary": "2096937",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096937"
      },
      {
        "category": "external",
        "summary": "2097216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097216"
      },
      {
        "category": "external",
        "summary": "2097287",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097287"
      },
      {
        "category": "external",
        "summary": "2097305",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097305"
      },
      {
        "category": "external",
        "summary": "2098121",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098121"
      },
      {
        "category": "external",
        "summary": "2098261",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098261"
      },
      {
        "category": "external",
        "summary": "2098536",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098536"
      },
      {
        "category": "external",
        "summary": "2099265",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099265"
      },
      {
        "category": "external",
        "summary": "2099581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099581"
      },
      {
        "category": "external",
        "summary": "2099609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099609"
      },
      {
        "category": "external",
        "summary": "2099646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099646"
      },
      {
        "category": "external",
        "summary": "2099660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099660"
      },
      {
        "category": "external",
        "summary": "2099724",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099724"
      },
      {
        "category": "external",
        "summary": "2099965",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099965"
      },
      {
        "category": "external",
        "summary": "2100326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100326"
      },
      {
        "category": "external",
        "summary": "2100352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100352"
      },
      {
        "category": "external",
        "summary": "2100946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100946"
      },
      {
        "category": "external",
        "summary": "2101139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101139"
      },
      {
        "category": "external",
        "summary": "2101380",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101380"
      },
      {
        "category": "external",
        "summary": "2103818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103818"
      },
      {
        "category": "external",
        "summary": "2104833",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104833"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6156.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:37:36+00:00",
      "generator": {
        "date": "2026-06-02T17:37:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6156",
      "initial_release_date": "2022-08-24T13:45:52+00:00",
      "revision_history": [
        {
          "date": "2022-08-24T13:45:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-08-24T13:45:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:37:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHODF 4.11 for RHEL 8",
                "product": {
                  "name": "RHODF 4.11 for RHEL 8",
                  "product_id": "8Base-RHODF-4.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_data_foundation:4.11::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Data Foundation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
                "product": {
                  "name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
                  "product_id": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
                "product": {
                  "name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
                  "product_id": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
                "product": {
                  "name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
                  "product_id": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
                "product": {
                  "name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
                  "product_id": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
                "product": {
                  "name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
                  "product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
                "product": {
                  "name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
                  "product_id": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
                "product": {
                  "name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
                  "product_id": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
                "product": {
                  "name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
                  "product_id": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
                "product": {
                  "name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
                  "product_id": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
                "product": {
                  "name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
                  "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
                "product": {
                  "name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
                  "product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
                "product": {
                  "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
                  "product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
                "product": {
                  "name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
                  "product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
                "product": {
                  "name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
                  "product_id": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
                "product": {
                  "name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
                  "product_id": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
                "product": {
                  "name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
                  "product_id": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
                "product": {
                  "name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
                  "product_id": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
                "product": {
                  "name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
                  "product_id": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
                "product": {
                  "name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
                  "product_id": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
                "product": {
                  "name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
                  "product_id": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
                "product": {
                  "name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
                  "product_id": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
                "product": {
                  "name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
                  "product_id": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
                "product": {
                  "name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
                  "product_id": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
                "product": {
                  "name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
                  "product_id": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
                "product": {
                  "name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
                  "product_id": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
                "product": {
                  "name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
                  "product_id": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a?arch=s390x\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
                "product": {
                  "name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
                  "product_id": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
                "product": {
                  "name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
                  "product_id": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
                "product": {
                  "name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
                  "product_id": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
                "product": {
                  "name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
                  "product_id": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
                "product": {
                  "name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
                  "product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
                "product": {
                  "name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
                  "product_id": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
                "product": {
                  "name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
                  "product_id": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
                "product": {
                  "name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
                  "product_id": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
                "product": {
                  "name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
                  "product_id": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
                "product": {
                  "name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
                  "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
                "product": {
                  "name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
                  "product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
                "product": {
                  "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
                  "product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
                "product": {
                  "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
                  "product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
                "product": {
                  "name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
                  "product_id": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
                "product": {
                  "name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
                  "product_id": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
                "product": {
                  "name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
                  "product_id": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
                "product": {
                  "name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
                  "product_id": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
                "product": {
                  "name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
                  "product_id": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
                "product": {
                  "name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
                  "product_id": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
                "product": {
                  "name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
                  "product_id": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
                "product": {
                  "name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
                  "product_id": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
                "product": {
                  "name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
                  "product_id": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
                "product": {
                  "name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
                  "product_id": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
                "product": {
                  "name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
                  "product_id": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
                "product": {
                  "name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
                  "product_id": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
                "product": {
                  "name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
                  "product_id": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
                "product": {
                  "name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
                  "product_id": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
                "product": {
                  "name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
                  "product_id": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.11.0-30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
                "product": {
                  "name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
                  "product_id": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
                "product": {
                  "name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
                  "product_id": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.11.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
                "product": {
                  "name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
                  "product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
                "product": {
                  "name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
                  "product_id": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.11.0-66"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
                "product": {
                  "name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
                  "product_id": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
                "product": {
                  "name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
                  "product_id": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.11.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
                "product": {
                  "name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
                  "product_id": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.11.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
                "product": {
                  "name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
                  "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
                "product": {
                  "name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
                  "product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
                "product": {
                  "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
                  "product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.11.0-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
                "product": {
                  "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
                  "product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.11.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
                "product": {
                  "name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
                  "product_id": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
                "product": {
                  "name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
                  "product_id": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.11.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
                "product": {
                  "name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
                  "product_id": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.11.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
                "product": {
                  "name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
                  "product_id": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
                "product": {
                  "name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
                  "product_id": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.11.0-29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
                "product": {
                  "name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
                  "product_id": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
                "product": {
                  "name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
                  "product_id": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
                "product": {
                  "name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
                  "product_id": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.11.0-24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
                "product": {
                  "name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
                  "product_id": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
                "product": {
                  "name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
                  "product_id": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.11.0-137"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
                "product": {
                  "name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
                  "product_id": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.11.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
                "product": {
                  "name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
                  "product_id": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.11.0-49"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
                "product": {
                  "name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
                  "product_id": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319?arch=amd64\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.11.0-13"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x"
        },
        "product_reference": "odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64"
        },
        "product_reference": "odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le"
        },
        "product_reference": "odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64"
        },
        "product_reference": "odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x"
        },
        "product_reference": "odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        },
        "product_reference": "odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le"
        },
        "product_reference": "odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64"
        },
        "product_reference": "odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x"
        },
        "product_reference": "odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le"
        },
        "product_reference": "odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x"
        },
        "product_reference": "odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64"
        },
        "product_reference": "odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x"
        },
        "product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le"
        },
        "product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64"
        },
        "product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le"
        },
        "product_reference": "odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64"
        },
        "product_reference": "odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x"
        },
        "product_reference": "odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64"
        },
        "product_reference": "odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x"
        },
        "product_reference": "odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le"
        },
        "product_reference": "odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64"
        },
        "product_reference": "odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le"
        },
        "product_reference": "odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x"
        },
        "product_reference": "odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64"
        },
        "product_reference": "odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le"
        },
        "product_reference": "odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        },
        "product_reference": "odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x"
        },
        "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le"
        },
        "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64"
        },
        "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le"
        },
        "product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x"
        },
        "product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64"
        },
        "product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64"
        },
        "product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x"
        },
        "product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le"
        },
        "product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64"
        },
        "product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le"
        },
        "product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x"
        },
        "product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le"
        },
        "product_reference": "odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x"
        },
        "product_reference": "odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64"
        },
        "product_reference": "odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x"
        },
        "product_reference": "odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le"
        },
        "product_reference": "odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64"
        },
        "product_reference": "odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64"
        },
        "product_reference": "odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le"
        },
        "product_reference": "odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x"
        },
        "product_reference": "odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64"
        },
        "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x"
        },
        "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le"
        },
        "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x"
        },
        "product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64"
        },
        "product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le"
        },
        "product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le"
        },
        "product_reference": "odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64"
        },
        "product_reference": "odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x"
        },
        "product_reference": "odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64"
        },
        "product_reference": "odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x"
        },
        "product_reference": "odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
        },
        "product_reference": "odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x"
        },
        "product_reference": "odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le"
        },
        "product_reference": "odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64"
        },
        "product_reference": "odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64"
        },
        "product_reference": "odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x"
        },
        "product_reference": "odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le"
        },
        "product_reference": "odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x"
        },
        "product_reference": "odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le"
        },
        "product_reference": "odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
        },
        "product_reference": "odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x"
        },
        "product_reference": "odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64"
        },
        "product_reference": "odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
        },
        "product_reference": "odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x"
        },
        "product_reference": "odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64"
        },
        "product_reference": "odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
        },
        "product_reference": "odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le"
        },
        "product_reference": "odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x"
        },
        "product_reference": "odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64 as a component of RHODF 4.11 for RHEL 8",
          "product_id": "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        },
        "product_reference": "odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64",
        "relates_to_product_reference": "8Base-RHODF-4.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-23440",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2021-09-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2004944"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. This vulnerability can impact data confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23440"
        },
        {
          "category": "external",
          "summary": "RHBZ#2004944",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004944"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23440",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23440"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr",
          "url": "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr"
        }
      ],
      "release_date": "2021-09-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-set-value: type confusion allows bypass of CVE-2019-10747"
    },
    {
      "cve": "CVE-2021-23566",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2022-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2050853"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nanoid: Information disclosure via valueOf() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23566"
        },
        {
          "category": "external",
          "summary": "RHBZ#2050853",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23566"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2"
        }
      ],
      "release_date": "2022-01-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nanoid: Information disclosure via valueOf() function"
    },
    {
      "cve": "CVE-2022-0235",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-01-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2044591"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-fetch: exposure of sensitive information to an unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#2044591",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
          "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-fetch: exposure of sensitive information to an unauthorized actor"
    },
    {
      "cve": "CVE-2022-0536",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "discovery_date": "2022-02-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053259"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0536"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053259",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
        }
      ],
      "release_date": "2022-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
    },
    {
      "cve": "CVE-2022-1650",
      "cwe": {
        "id": "CWE-359",
        "name": "Exposure of Private Personal Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-05-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2085307"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eventsource: Exposure of Sensitive Information",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "RHBZ#2085307",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
          "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
        }
      ],
      "release_date": "2022-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "eventsource: Exposure of Sensitive Information"
    },
    {
      "cve": "CVE-2022-21698",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2022-01-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2045880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "RHBZ#2045880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
          "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
        }
      ],
      "release_date": "2022-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
    },
    {
      "cve": "CVE-2022-23772",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
    },
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24771",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2022-03-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2067387"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw affects the DigestAlgorithm structure.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24771"
        },
        {
          "category": "external",
          "summary": "RHBZ#2067387",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
        }
      ],
      "release_date": "2022-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery"
    },
    {
      "cve": "CVE-2022-24772",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2022-03-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2067458"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw affects the DigestInfo ASN.1 structure.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2067458",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
        }
      ],
      "release_date": "2022-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery"
    },
    {
      "cve": "CVE-2022-24773",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2022-03-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2067461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: Signature verification leniency in checking `DigestInfo` structure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2067461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
        }
      ],
      "release_date": "2022-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-forge: Signature verification leniency in checking `DigestInfo` structure"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-29810",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2022-04-29T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2080279"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29810"
        },
        {
          "category": "external",
          "summary": "RHBZ#2080279",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29810"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/vulndb/issues/438",
          "url": "https://github.com/golang/vulndb/issues/438"
        }
      ],
      "release_date": "2022-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
          "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
          "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
          "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
          "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
          "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
          "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
          "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
          "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
          "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
          "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
          "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
          "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
          "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
          "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
          "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
          "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
          "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-24T13:45:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6156"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:3f7fbeb56a29d3e23855368a1fca0cf86d055e4d9ff0fe387eae1ae3bf266056_s390x",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:b795c0b44236237d5efca90eb9e2786a9b3e82968d5022eaed8848c7f49bb38d_amd64",
            "8Base-RHODF-4.11:odf4/cephcsi-rhel8@sha256:c45d178764106cb22cdc5f9adb354ea11211712e5be93b7a067d28f410067f0c_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:25e9cf317088b7a827629cb40ee7f816994b465e86f3b2df5a97931cfa4eb40d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:ab449f9f9aa1df48e076c283b19f32361ee5d531ffe13922401107095814708d_s390x",
            "8Base-RHODF-4.11:odf4/mcg-core-rhel8@sha256:d675998c5c475f799e937a3f90e59813d583e8f84a7f6759298ba92e50a9c288_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:0595b90d21f7a5a0ea91a11492f1dbfbe2759ecd9707a8e9e4953d57c973f801_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:4c9db259686a6de3247892d1ec915d185d5276e0d4de3545e4cf81ec8310c87d_amd64",
            "8Base-RHODF-4.11:odf4/mcg-operator-bundle@sha256:645eaf6f2412322d28789021b9393fb368156c4f2aa14528fe9209e3c22fe475_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:257eb2ca9f59ff15db9018038422382a6887b82c603515cd1b2b12781fbb189a_ppc64le",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:8d7d066a645cade7d01ecd3d0427cbadca889dc8c1a3ffde1f4193b777975c75_s390x",
            "8Base-RHODF-4.11:odf4/mcg-rhel8-operator@sha256:fc2c495c5236268e095265dd202587ab7bcf376b14a1e4d05875f5e053635cb0_amd64",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:261691407d9e36597d6de3fb2d7707f78ea9cdd91f6f674f86cfd9727c3ce739_s390x",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:6e447521417d9331f471ed77645354406adf47b94497c5f8f13a8966e6534cec_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-metrics-exporter-rhel8@sha256:9068cccd15cbe2c2c36c4a5633f704616653dc735256d78f588ec6e2b7e1e612_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:012fcf6f037110f56be4a72bb48ede013b764a0ee4615718d985397cafe11129_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:83b0764e21d3a1d2b4efe26bed9a3fdfe4b370ec9f7c4e2bf9cee44a9c33c5bb_amd64",
            "8Base-RHODF-4.11:odf4/ocs-must-gather-rhel8@sha256:8d177becb51a16957264e508d623fa2c0f11505b3819b306f39da154db947d91_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:088b8dc1d459270629610aab02666f99262c9675336d812b24e43df135d9e96a_amd64",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:0f61780f3b698672e76029d705abd69349cd01782626f66e9fd029be71b9c336_s390x",
            "8Base-RHODF-4.11:odf4/ocs-operator-bundle@sha256:4506d1dc937411d88d435e23b7bfd17cc48d04e237f697f0cb8d9da6c4b3daf4_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:57947da5535936416a10a9de871aa37dd69e157b762577ba30b7f8d1332eb644_amd64",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:717c291c0eae097da0432f36efc4c070c9e1fc3824344ad6ccac254a720fac05_ppc64le",
            "8Base-RHODF-4.11:odf4/ocs-rhel8-operator@sha256:ebe1cd859b8483554955c12229be987622825fb292f522a50e2d8c289c53cd65_s390x",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:a5fa14675b15c4e59ab9717051e3de0692e36baab909af1409075c7e85402c26_amd64",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:aa873670a03cda9fb7a56130f0be4f827dafe4aba7d00833f7020f8ce0a978ae_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-console-rhel8@sha256:e7055ac1518d19cd288af0a829f8e28fd1eef92e3e03044225b4c9b204e4d1e8_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:4776158851b33c146ef13f861d59db2340e74f86c35dfc6ab08f2fb7e2455a3b_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:74a8060b385b219f44eca200ca1e9e59006ea65fa8b3179b82511ccf94109134_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-operator-bundle@sha256:d969a8b0b2871ada6387543aef2482f42e8d7572da48f143e0ef3b66a1916cf5_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:055c71b5a6ae1a4ba5865dc6fca134523a793b30b1183da4ae318895692c5075_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:58ce943524354477e5c7792b9976aee14bc5589eeed4f8c9f891a4669620d0a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-rhel8-operator@sha256:bdafb62d8443db185ee2b766a4dcfef5fe38b8cade9f8ae19b736e9041fc5aea_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:0b9ecf62630f7ec27789275d02559675f58ed8efb9021f3af2031fde0a09fe6a_amd64",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:3ddf8e31f143ae15205e149921189fb3ea078064bfc1f059bfa0be4f6682a411_s390x",
            "8Base-RHODF-4.11:odf4/odf-csi-addons-sidecar-rhel8@sha256:6789e86605df10211bf7b0c51d89331164b8904002a84d846f02ae1f07b02de5_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b2104f1c1ea290abe89d5079a67f6adb6ecfa0fee06b87f907e51ae9ae09f1ce_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:b5eb82998b58c69f3b86dbd8422b0b3d539f9f7f6e41487087c5eae2e31978b2_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-must-gather-rhel8@sha256:c54add471c2ba0d6c6ae845908879a469fa4d51cfc03b5d824890464357410dc_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:1565dfca546929367e38ef7a9177485ddc330e07740fe05759312d8ffda1e5ed_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:ef8c8b736d860519a8d2dc9e53c932e49897c9865c11f55d00fc53c1c6b6b5be_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-operator-bundle@sha256:f25a6bce26e7464a67d77f8a598c5935ea81e125ae8e6cccaacb8b1ffc6b15f9_amd64",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:7af78e53c59a9113d7dbf0032acd27800c8e20a45f0558cfa19b75d992b2226c_s390x",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:a9403dfbec7706ddb25c1c10351676f90508f1961799cb5e5ad105f012f1165a_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-lvm-rhel8-operator@sha256:f13ed10fbb0c41c29af589134a0b1dcf940014711c181d3042686ec19032da10_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:363a523bcadfe94232264b87d484feee2bed956a578a442bcfcb9eb424fbca28_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:647b2c224070a0b32a8c9ea1ed0d6ebe78a0a73f064187e99c2d995bfe3c75fb_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-console-rhel8@sha256:71732a5f18f3020ed202f295dd06f7da56fd4c12e44663fb00ae76535bae11a5_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:30fadecc3fc709d2b63ba88f66abcf8b4a2912dd43a99025211391961c7c4899_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:6744d76335628f60d980b40c01997392835e5543f6ccd18b83fadb25c62d939f_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-operator-bundle@sha256:95bddcca209809635cf3f25a9f03f65bd6500b32eca6d77047627b421cf5c733_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:46a6ff2d2f0510628d6307773c800e7c8a9f7ba4f023493c9431307ba2432f9a_s390x",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:4ddf48a5670e1822b2013503cfb4bc9fb92164d3fe38d2f933bbb24b7417380f_amd64",
            "8Base-RHODF-4.11:odf4/odf-multicluster-rhel8-operator@sha256:95aee2ec39f6dd03a66655251063d3babad72422264b41139b0ee68f78cc9077_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:2dd1aa2a2abcbda0d921aaad29db55ae40a5869b62c7e14e5bd2ff71dc647c09_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:45695f266a4b31df6805ab24977e490f8d71b0e32ff4dfb2e0b397c66de66b21_amd64",
            "8Base-RHODF-4.11:odf4/odf-operator-bundle@sha256:bb65d8368da1cde5bccc7cfc2a9325c3357fb6f9701ccdee1b10252e2f23f6f0_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:007fa00f8c6cebc70ca122b2bd42b2833bfbd8990a377f297f3baab264410f6b_amd64",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:67e58a5edb0c3f482254eaa84b70b85e143fd80bedab32207b78e453e64ef1e6_s390x",
            "8Base-RHODF-4.11:odf4/odf-rhel8-operator@sha256:da3013f2a8d13db71e80f7085b69f1bf9f5e518d94eadf1204b431af4dc989f4_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:1240938e119303864ba4b6ad342beec13cced941a7ddb08f6003afebead9e88f_s390x",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:175337b3cba8447d0e8a05585faf4609cab47c4bf53be9bf6a2df05b8fa80ffa_ppc64le",
            "8Base-RHODF-4.11:odf4/odf-topolvm-rhel8@sha256:e0320e6557c1437af33a841b18ba70f4c2f0552b70180ba8b180c123d7f2f4f2_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:6aaa2a3d22794a96700450e25dcb873f3d4524ef901a023698f5728c5ca21800_amd64",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:d630da32e1e6c35a11ceb493fd7462b08fc27789fe0e0837cd7f5840a13bab44_s390x",
            "8Base-RHODF-4.11:odf4/odr-cluster-operator-bundle@sha256:eeda649c14488b6c57fc55af14b07e04173524bd7bc3b37e85ce2eaba50393dd_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:4186520d7a08afc8facfb6a804ae5e87eb6830d4063376416f87e24cd2f637b6_s390x",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:aacaa2b2c859b007212ecfdd2ea9fcbe152f293ea3f688e7e0a6316e1a8d04eb_ppc64le",
            "8Base-RHODF-4.11:odf4/odr-hub-operator-bundle@sha256:f5fc8d49a34bbcb6e18985593cb7f6ced9a4a81cb2d5dcc3207464f4eec8afe6_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:1f4065509ed12724f26b3ae5541f5e39bb9880b8d38f487b54db004d4cfedc54_s390x",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:66c69af462e5241eadc9e19cf2896f0986a423513b3b7f33228602038047d93e_amd64",
            "8Base-RHODF-4.11:odf4/odr-rhel8-operator@sha256:f647abc5dec4edada3f6d2db3d50b38ff90fc8a259d67465603a5f2fb40287c9_ppc64le",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:2e8b52f2f4eda1e7ea4ff737a9a5a839de25c378060237d1c35ca06ef1832b3c_s390x",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:5dea95a7f7ddc016993439441d53ed2ea553d2fabe3662a3f752c5c7ec0e5d64_amd64",
            "8Base-RHODF-4.11:odf4/rook-ceph-rhel8-operator@sha256:ede9a7e533fab96106afc33078b45785adc955aa43e2529b933164e0c14e74f2_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:57980c6f7c978f4062455c5d69aa430ad2ba2e00c1410076f4f2880c08e41393_ppc64le",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:b29e58dac60a544d740856b60266b9540e35a5e11aab859d89801ea34bc2c86a_s390x",
            "8Base-RHODF-4.11:odf4/volume-replication-rhel8-operator@sha256:c09762cf6683233431900504dc8b74962a652e3736d44502dc6970f59a540319_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    }
  ]
}

RHSA-2022:6277

Vulnerability from csaf_redhat - Published: 2022-08-31 16:58 - Updated: 2026-06-02 17:37

Summary

Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.5 security update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Service Mesh 2.1.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Security Fix(es): * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * moment: Moment.js: Path traversal in moment.locale (CVE-2022-24785) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 25 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch		—

Threats

Impact Moderate

CVE-2022-24785

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix Workaround

Known not affected 32 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src	—	Workaround
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64	—	Workaround

Threats

Impact Moderate

CVE-2022-24921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix

Known not affected 23 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64		—

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 25 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch		—

Threats

Impact Moderate

CVE-2022-29526

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix

Known not affected 28 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64		—

Threats

Impact Moderate

CVE-2022-30629

A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 36 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64	—	Vendor Fix fix

Known not affected 32 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src		—
Unresolved product id: 8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64		—

Threats

Impact Moderate

References

44 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6277	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external

Acknowledgments

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Service Mesh 2.1.5\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* moment: Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6277",
        "url": "https://access.redhat.com/errata/RHSA-2022:6277"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6277.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.5 security update",
    "tracking": {
      "current_release_date": "2026-06-02T17:37:39+00:00",
      "generator": {
        "date": "2026-06-02T17:37:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6277",
      "initial_release_date": "2022-08-31T16:58:21+00:00",
      "revision_history": [
        {
          "date": "2022-08-31T16:58:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-08-31T16:58:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:37:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Service Mesh 2.1",
                "product": {
                  "name": "OpenShift Service Mesh 2.1",
                  "product_id": "8Base-OSSM-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:2.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-operator-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-operator-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-operator-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-cni-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-cni-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-cni-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
                "product": {
                  "name": "servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
                  "product_id": "servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-9.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
                "product": {
                  "name": "servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
                  "product_id": "servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.5-1.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "servicemesh-proxy-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-proxy-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-proxy-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-operator-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-operator-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-operator-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-cni-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-cni-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-cni-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.5-1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-prometheus-0:2.23.0-9.el8.s390x",
                "product": {
                  "name": "servicemesh-prometheus-0:2.23.0-9.el8.s390x",
                  "product_id": "servicemesh-prometheus-0:2.23.0-9.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-9.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
                "product": {
                  "name": "servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
                  "product_id": "servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.5-1.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
                "product": {
                  "name": "servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
                  "product_id": "servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-wasm@2.1.5-1.el8?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "servicemesh-proxy-0:2.1.5-1.el8.src",
                "product": {
                  "name": "servicemesh-proxy-0:2.1.5-1.el8.src",
                  "product_id": "servicemesh-proxy-0:2.1.5-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.5-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-operator-0:2.1.5-1.el8.src",
                "product": {
                  "name": "servicemesh-operator-0:2.1.5-1.el8.src",
                  "product_id": "servicemesh-operator-0:2.1.5-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.5-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-0:2.1.5-1.el8.src",
                "product": {
                  "name": "servicemesh-0:2.1.5-1.el8.src",
                  "product_id": "servicemesh-0:2.1.5-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh@2.1.5-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-prometheus-0:2.23.0-9.el8.src",
                "product": {
                  "name": "servicemesh-prometheus-0:2.23.0-9.el8.src",
                  "product_id": "servicemesh-prometheus-0:2.23.0-9.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-9.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-ratelimit-0:2.1.5-1.el8.src",
                "product": {
                  "name": "servicemesh-ratelimit-0:2.1.5-1.el8.src",
                  "product_id": "servicemesh-ratelimit-0:2.1.5-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.5-1.el8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "servicemesh-proxy-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-proxy-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-proxy-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-operator-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-operator-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-operator-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-cni-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-cni-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-cni-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.5-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
                "product": {
                  "name": "servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
                  "product_id": "servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-9.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "servicemesh-ratelimit-0:2.1.5-1.el8.x86_64",
                "product": {
                  "name": "servicemesh-ratelimit-0:2.1.5-1.el8.x86_64",
                  "product_id": "servicemesh-ratelimit-0:2.1.5-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.5-1.el8?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-0:2.1.5-1.el8.src as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src"
        },
        "product_reference": "servicemesh-0:2.1.5-1.el8.src",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-cni-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-cni-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-cni-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-cni-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-cni-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-cni-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-operator-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-operator-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-operator-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-operator-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-operator-0:2.1.5-1.el8.src as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src"
        },
        "product_reference": "servicemesh-operator-0:2.1.5-1.el8.src",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-operator-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-operator-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-prometheus-0:2.23.0-9.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le"
        },
        "product_reference": "servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-prometheus-0:2.23.0-9.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x"
        },
        "product_reference": "servicemesh-prometheus-0:2.23.0-9.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-prometheus-0:2.23.0-9.el8.src as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src"
        },
        "product_reference": "servicemesh-prometheus-0:2.23.0-9.el8.src",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-prometheus-0:2.23.0-9.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
        },
        "product_reference": "servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-proxy-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-0:2.1.5-1.el8.src as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src"
        },
        "product_reference": "servicemesh-proxy-0:2.1.5-1.el8.src",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-proxy-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch"
        },
        "product_reference": "servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le"
        },
        "product_reference": "servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-ratelimit-0:2.1.5-1.el8.s390x as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x"
        },
        "product_reference": "servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-ratelimit-0:2.1.5-1.el8.src as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src"
        },
        "product_reference": "servicemesh-ratelimit-0:2.1.5-1.el8.src",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "servicemesh-ratelimit-0:2.1.5-1.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
          "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        },
        "product_reference": "servicemesh-ratelimit-0:2.1.5-1.el8.x86_64",
        "relates_to_product_reference": "8Base-OSSM-2.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
          "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
        ],
        "known_not_affected": [
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
          "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
          "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-31T16:58:21+00:00",
          "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
          "product_ids": [
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6277"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-cni-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-operator-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.src",
            "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-9.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.5-1.el8.x86_64",
            "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.5-1.el8.noarch",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.ppc64le",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.s390x",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.src",
            "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.5-1.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    }
  ]
}

RHSA-2022:6290

Vulnerability from csaf_redhat - Published: 2022-09-01 01:24 - Updated: 2026-06-05 06:24

Summary

Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update

Severity

Moderate

Notes

Topic: OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from Bugzilla: * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-21698

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64		—

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x		—

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x		—

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x		—

Threats

Impact Low

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64	—	Vendor Fix fix

Known not affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x		—

Threats

Impact Moderate

References

73 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6290	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://issues.redhat.com/browse/OADP-145	external
https://issues.redhat.com/browse/OADP-154	external
https://issues.redhat.com/browse/OADP-194	external
https://issues.redhat.com/browse/OADP-199	external
https://issues.redhat.com/browse/OADP-224	external
https://issues.redhat.com/browse/OADP-225	external
https://issues.redhat.com/browse/OADP-234	external
https://issues.redhat.com/browse/OADP-324	external
https://issues.redhat.com/browse/OADP-382	external
https://issues.redhat.com/browse/OADP-422	external
https://issues.redhat.com/browse/OADP-423	external
https://issues.redhat.com/browse/OADP-478	external
https://issues.redhat.com/browse/OADP-528	external
https://issues.redhat.com/browse/OADP-533	external
https://issues.redhat.com/browse/OADP-538	external
https://issues.redhat.com/browse/OADP-552	external
https://issues.redhat.com/browse/OADP-558	external
https://issues.redhat.com/browse/OADP-585	external
https://issues.redhat.com/browse/OADP-586	external
https://issues.redhat.com/browse/OADP-592	external
https://issues.redhat.com/browse/OADP-597	external
https://issues.redhat.com/browse/OADP-598	external
https://issues.redhat.com/browse/OADP-599	external
https://issues.redhat.com/browse/OADP-600	external
https://issues.redhat.com/browse/OADP-602	external
https://issues.redhat.com/browse/OADP-605	external
https://issues.redhat.com/browse/OADP-607	external
https://issues.redhat.com/browse/OADP-610	external
https://issues.redhat.com/browse/OADP-613	external
https://issues.redhat.com/browse/OADP-637	external
https://issues.redhat.com/browse/OADP-643	external
https://issues.redhat.com/browse/OADP-644	external
https://issues.redhat.com/browse/OADP-648	external
https://issues.redhat.com/browse/OADP-652	external
https://issues.redhat.com/browse/OADP-655	external
https://issues.redhat.com/browse/OADP-660	external
https://issues.redhat.com/browse/OADP-698	external
https://issues.redhat.com/browse/OADP-715	external
https://issues.redhat.com/browse/OADP-716	external
https://issues.redhat.com/browse/OADP-736	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-21698	self
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://www.cve.org/CVERecord?id=CVE-2022-21698	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21698	external
https://github.com/prometheus/client_golang/secur…	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://groups.google.com/g/golang-announce/c/nqr…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift API for Data Protection (OADP) 1.1.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6290",
        "url": "https://access.redhat.com/errata/RHSA-2022:6290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2045880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "OADP-145",
        "url": "https://issues.redhat.com/browse/OADP-145"
      },
      {
        "category": "external",
        "summary": "OADP-154",
        "url": "https://issues.redhat.com/browse/OADP-154"
      },
      {
        "category": "external",
        "summary": "OADP-194",
        "url": "https://issues.redhat.com/browse/OADP-194"
      },
      {
        "category": "external",
        "summary": "OADP-199",
        "url": "https://issues.redhat.com/browse/OADP-199"
      },
      {
        "category": "external",
        "summary": "OADP-224",
        "url": "https://issues.redhat.com/browse/OADP-224"
      },
      {
        "category": "external",
        "summary": "OADP-225",
        "url": "https://issues.redhat.com/browse/OADP-225"
      },
      {
        "category": "external",
        "summary": "OADP-234",
        "url": "https://issues.redhat.com/browse/OADP-234"
      },
      {
        "category": "external",
        "summary": "OADP-324",
        "url": "https://issues.redhat.com/browse/OADP-324"
      },
      {
        "category": "external",
        "summary": "OADP-382",
        "url": "https://issues.redhat.com/browse/OADP-382"
      },
      {
        "category": "external",
        "summary": "OADP-422",
        "url": "https://issues.redhat.com/browse/OADP-422"
      },
      {
        "category": "external",
        "summary": "OADP-423",
        "url": "https://issues.redhat.com/browse/OADP-423"
      },
      {
        "category": "external",
        "summary": "OADP-478",
        "url": "https://issues.redhat.com/browse/OADP-478"
      },
      {
        "category": "external",
        "summary": "OADP-528",
        "url": "https://issues.redhat.com/browse/OADP-528"
      },
      {
        "category": "external",
        "summary": "OADP-533",
        "url": "https://issues.redhat.com/browse/OADP-533"
      },
      {
        "category": "external",
        "summary": "OADP-538",
        "url": "https://issues.redhat.com/browse/OADP-538"
      },
      {
        "category": "external",
        "summary": "OADP-552",
        "url": "https://issues.redhat.com/browse/OADP-552"
      },
      {
        "category": "external",
        "summary": "OADP-558",
        "url": "https://issues.redhat.com/browse/OADP-558"
      },
      {
        "category": "external",
        "summary": "OADP-585",
        "url": "https://issues.redhat.com/browse/OADP-585"
      },
      {
        "category": "external",
        "summary": "OADP-586",
        "url": "https://issues.redhat.com/browse/OADP-586"
      },
      {
        "category": "external",
        "summary": "OADP-592",
        "url": "https://issues.redhat.com/browse/OADP-592"
      },
      {
        "category": "external",
        "summary": "OADP-597",
        "url": "https://issues.redhat.com/browse/OADP-597"
      },
      {
        "category": "external",
        "summary": "OADP-598",
        "url": "https://issues.redhat.com/browse/OADP-598"
      },
      {
        "category": "external",
        "summary": "OADP-599",
        "url": "https://issues.redhat.com/browse/OADP-599"
      },
      {
        "category": "external",
        "summary": "OADP-600",
        "url": "https://issues.redhat.com/browse/OADP-600"
      },
      {
        "category": "external",
        "summary": "OADP-602",
        "url": "https://issues.redhat.com/browse/OADP-602"
      },
      {
        "category": "external",
        "summary": "OADP-605",
        "url": "https://issues.redhat.com/browse/OADP-605"
      },
      {
        "category": "external",
        "summary": "OADP-607",
        "url": "https://issues.redhat.com/browse/OADP-607"
      },
      {
        "category": "external",
        "summary": "OADP-610",
        "url": "https://issues.redhat.com/browse/OADP-610"
      },
      {
        "category": "external",
        "summary": "OADP-613",
        "url": "https://issues.redhat.com/browse/OADP-613"
      },
      {
        "category": "external",
        "summary": "OADP-637",
        "url": "https://issues.redhat.com/browse/OADP-637"
      },
      {
        "category": "external",
        "summary": "OADP-643",
        "url": "https://issues.redhat.com/browse/OADP-643"
      },
      {
        "category": "external",
        "summary": "OADP-644",
        "url": "https://issues.redhat.com/browse/OADP-644"
      },
      {
        "category": "external",
        "summary": "OADP-648",
        "url": "https://issues.redhat.com/browse/OADP-648"
      },
      {
        "category": "external",
        "summary": "OADP-652",
        "url": "https://issues.redhat.com/browse/OADP-652"
      },
      {
        "category": "external",
        "summary": "OADP-655",
        "url": "https://issues.redhat.com/browse/OADP-655"
      },
      {
        "category": "external",
        "summary": "OADP-660",
        "url": "https://issues.redhat.com/browse/OADP-660"
      },
      {
        "category": "external",
        "summary": "OADP-698",
        "url": "https://issues.redhat.com/browse/OADP-698"
      },
      {
        "category": "external",
        "summary": "OADP-715",
        "url": "https://issues.redhat.com/browse/OADP-715"
      },
      {
        "category": "external",
        "summary": "OADP-716",
        "url": "https://issues.redhat.com/browse/OADP-716"
      },
      {
        "category": "external",
        "summary": "OADP-736",
        "url": "https://issues.redhat.com/browse/OADP-736"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6290.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-05T06:24:25+00:00",
      "generator": {
        "date": "2026-06-05T06:24:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6290",
      "initial_release_date": "2022-09-01T01:24:16+00:00",
      "revision_history": [
        {
          "date": "2022-09-01T01:24:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-09-01T01:24:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-05T06:24:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-OADP-1.1",
                "product": {
                  "name": "8Base-OADP-1.1",
                  "product_id": "8Base-OADP-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
                  "product_id": "oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.0-50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.0-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.0-24"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.0-50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.0-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.0-24"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.0-63"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
                  "product_id": "oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.0-50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.0-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.0-24"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-21698",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2022-01-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2045880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "RHBZ#2045880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
          "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
        }
      ],
      "release_date": "2022-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-01T01:24:16+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6290"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-01T01:24:16+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6290"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-01T01:24:16+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6290"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-01T01:24:16+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6290"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-01T01:24:16+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6290"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:649a065b112210ed1248ba2cadecc3d522b888239dc73942934e526fba1d69ad_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7368b20e3a42ea915f3811f0c9d21e509cbd054efacbd297e88e81fc27a49837_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:cde730978fa438855891755309c3bb75dc38771f1a94f9ff26a0a1b31a129f01_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:183d6de4eed893e0a76d661fdc13858e57a2ed5aeb34f3be6cb6850ef180d141_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:3bf1c9f828cf6f3e318078f081a4fc50a7c2efc8c12d09e6feddc8593cb8727a_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:a17ef49b0cae63b6a7735180683b4d9a15a9a3caa0f14e10ced1e62d0878c3b0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:95671d1a49ec698f3efd842fa03d98aa2128c2367a0f81f695c47d1bff047bd9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:d7441686f4447f6b600c08c8d697e4db91b8b927554df6785d61a8d851baacf0_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:dcae0dc90e97361b931ab189f52021a3a4add42fd02033053f32924580af4dc5_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:993c32f9a9ceba160e76fc2200deca5675506c00f2411bc1dbb16c7458789d5d_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:ea946614675a9479631e3d5dafae5219dc07c6fe239a833143b69be7f73fa7f5_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:eb2965df49c5ff2d53be06b7b4d488510f569c7aaf567999e6d467556572814d_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:687c4ab44bd97d033fd3d7fd23d9e0bc011d006608cdfedab668a1fde874d54f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:cb225573b7adf5956fb12c01e43ba1f04d80e4f820c9aa6af6a50924980c1ea2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:dded3f6cc24924b79dbb8e6e79b800274f2054b737a42e93176783605859907e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:36c9326a4b96448cb00582d7296270a927761ba0f0616fb8ed4c5987d4e8a70c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:cd92d9d091b62421632d941db6a9b2c33c1965cf4112a9fb036a09ebe988b91c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e9e24889681ccd31df9d1831afdf0993f6ce6cd24fde3b4795fe16d824e0416f_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:01fe6a0edd12b1e2502eaf14ad6d8e29f2b014c0a28883e4f7523a3acb931ec9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7e8544cc441e90e3a44f333f418959f2afe106a04bd117c42a5c482ed7e74d99_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:e4f3b3a59db8d9180010e87b7502fd3418340cd082bc36f79c6bb38327e925e0_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:24b9694e68a16a51220789c91dc00ead20c531221de4a5bae7d9fa7107cbe707_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:3dd0e9f28febd7e31e6250fc0a86f9908b501bfec9368388c0228aefc5059acd_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:69745821846f79362dc9f39bc702fd481db05e82913edb718502a311ce38ab8e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0f90a21e45f9d76b6abedcd1b6ffe2843045163702b5f9038f715bf3db0e1b4e_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:63d5f5165b1fb8942ae60f4b14af2fe39bcc054184c93695b91ef7c26e9eafb2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:bab55f61f70fe687df984186240c76c5b10f7b5362b2f9a4e21a47d4494d02f2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:22db35503cef946d1a193f5531017a456d3b34bc26d2b431954f5d385b7be9d8_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:268761f1d56d84d41f0a1bd35ae9a050cab7407b4bf47b4a64eb07aef275194e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:45ae2d99bc7d4c93bace74f285805faa0ad27561037b6b2406e6c4e86ac669f7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:4e78c9adf01a838ccce151c88bdaf331105472857d096194b6f628ce246e43b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:5a11fc682e58aefed3c33c77a536e6677f7bfbac18ca624f7004f7d44a1b8446_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:af3c09e10824aebdaf117391ac53519e7128fe789252f8ecb4b144883e74c8e9_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:4c7febd90b1af2af27ab252d9774c49a9387d63589fde14d76e25e348c224c7f_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8e2322c382d4cbc9717833c702ebd04dfaf2afe04ce87990662569552e78357c_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:cde9184ab5f6fd8f4448913d802d0dcdf2a6830facc1a4732dec6eb09bf1b273_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    }
  ]
}

RHSA-2022:6430

Vulnerability from csaf_redhat - Published: 2022-09-13 02:09 - Updated: 2026-06-05 06:24

Summary

Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

Severity

Moderate

Notes

Topic: OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es): * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1705

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—

Threats

Impact Moderate

CVE-2022-1962

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—

Threats

Impact Moderate

CVE-2022-21698

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-30630

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—

Threats

Impact Moderate

CVE-2022-32148

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64		—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64		—
Unresolved product id: 8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64		—

Threats

Impact Moderate

References

52 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6430	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-1962	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107376	external
https://www.cve.org/CVERecord?id=CVE-2022-1962	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1962	external
https://go.dev/issue/53616	external
https://access.redhat.com/security/cve/CVE-2022-21698	self
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://www.cve.org/CVERecord?id=CVE-2022-21698	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21698	external
https://github.com/prometheus/client_golang/secur…	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-32148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://www.cve.org/CVERecord?id=CVE-2022-32148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32148	external
https://go.dev/issue/53423	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift API for Data Protection (OADP) 1.0.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6430",
        "url": "https://access.redhat.com/errata/RHSA-2022:6430"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2045880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
      },
      {
        "category": "external",
        "summary": "2107383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6430.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-05T06:24:34+00:00",
      "generator": {
        "date": "2026-06-05T06:24:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6430",
      "initial_release_date": "2022-09-13T02:09:43+00:00",
      "revision_history": [
        {
          "date": "2022-09-13T02:09:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-09-13T02:09:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-05T06:24:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-OADP-1.0",
                "product": {
                  "name": "8Base-OADP-1.0",
                  "product_id": "8Base-OADP-1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.0.4-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.0.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.0.4-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
                "product": {
                  "name": "oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
                  "product_id": "oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-registry-rhel8\u0026tag=1.0.4-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.0.4-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.0.4-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.0.4-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64"
        },
        "product_reference": "oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "cve": "CVE-2022-1962",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: go/parser: stack exhaustion in all Parse* functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107376",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53616",
          "url": "https://go.dev/issue/53616"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: go/parser: stack exhaustion in all Parse* functions"
    },
    {
      "cve": "CVE-2022-21698",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2022-01-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2045880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "RHBZ#2045880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
          "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
        }
      ],
      "release_date": "2022-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-32148",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53423",
          "url": "https://go.dev/issue/53423"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-13T02:09:43+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6430"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:d5d5e8252fd5c5fc38e0a28aef3b209302da2403381906a4fc16996201ea602d_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:ce71a41a5ea7455baf6ef8b71e3212f61fba35ade50b632b91cdf53ae2cd412f_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:d803961b4c075fe513459313dea1245871413d29d3232a0a12973db7398409db_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:10ab07c1494e47c1da64e61e5a5e5889e5e74429a10da95a9f908f5bf0c0553a_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:8769890ce3bd07afb147fd045bdfd4dd02f7d2a83857728d60fe576c455f8a56_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d8672ec946550fb12ba952f305bc9cb4d820b776a5b16b7932657837b4d242ab_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:58b31dd30b9bcb47a5d590ca4197ea4aebd6ba5e9e73055a5889da889d1e63e8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:dfcf22434189301007fb440c6b714a04163c931cbc3021f337b19ccf840bde70_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:383434ed3aafd0b55384f84fd1204b8ae62e6743472ca9f1beb0878be8044f89_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:bf5d6974202df79eac08dfd475fa1c2f7d21819ef5e4d5a7f761b73424429128_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:31dfff0d43517d4dee4c47a1d05705b30b74a180794cc6f8a2a156b91c14d5fd_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:efb4eb48cbd2ee2276844bc6a6c0fb402c293faabd0a56b1ba3e8b41da0d99a8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
    }
  ]
}

RHSA-2022:6526

Vulnerability from csaf_redhat - Published: 2022-09-14 19:28 - Updated: 2026-06-02 17:37

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Severity

Important

Notes

Topic: Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11 =============== hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587 Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798) * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-38561

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix

Known not affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64		—

Threats

Impact Moderate

CVE-2021-44716

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2021-44717

There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-1798

An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-21698

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-23772

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix

Known not affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64		—

Threats

Impact Moderate

CVE-2022-23773

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-23806

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix

Known not affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64		—

Threats

Impact Moderate

CVE-2022-24921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-27191

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64		—	Vendor Fix fix

Known not affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64		—

Threats

Impact Moderate

References

401 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6526	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1937609	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945593	external
https://bugzilla.redhat.com/show_bug.cgi?id=1968514	external
https://bugzilla.redhat.com/show_bug.cgi?id=1993109	external
https://bugzilla.redhat.com/show_bug.cgi?id=1994604	external
https://bugzilla.redhat.com/show_bug.cgi?id=2001385	external
https://bugzilla.redhat.com/show_bug.cgi?id=2009793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2010318	external
https://bugzilla.redhat.com/show_bug.cgi?id=2025276	external
https://bugzilla.redhat.com/show_bug.cgi?id=2025401	external
https://bugzilla.redhat.com/show_bug.cgi?id=2026357	external
https://bugzilla.redhat.com/show_bug.cgi?id=2029349	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://bugzilla.redhat.com/show_bug.cgi?id=2031857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2033077	external
https://bugzilla.redhat.com/show_bug.cgi?id=2035344	external
https://bugzilla.redhat.com/show_bug.cgi?id=2036676	external
https://bugzilla.redhat.com/show_bug.cgi?id=2039976	external
https://bugzilla.redhat.com/show_bug.cgi?id=2040766	external
https://bugzilla.redhat.com/show_bug.cgi?id=2041467	external
https://bugzilla.redhat.com/show_bug.cgi?id=2042402	external
https://bugzilla.redhat.com/show_bug.cgi?id=2042809	external
https://bugzilla.redhat.com/show_bug.cgi?id=2045086	external
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://bugzilla.redhat.com/show_bug.cgi?id=2047186	external
https://bugzilla.redhat.com/show_bug.cgi?id=2051899	external
https://bugzilla.redhat.com/show_bug.cgi?id=2052094	external
https://bugzilla.redhat.com/show_bug.cgi?id=2052466	external
https://bugzilla.redhat.com/show_bug.cgi?id=2052689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2056467	external
https://bugzilla.redhat.com/show_bug.cgi?id=2057157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2057310	external
https://bugzilla.redhat.com/show_bug.cgi?id=2058149	external
https://bugzilla.redhat.com/show_bug.cgi?id=2058925	external
https://bugzilla.redhat.com/show_bug.cgi?id=2059121	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060485	external
https://bugzilla.redhat.com/show_bug.cgi?id=2060585	external
https://bugzilla.redhat.com/show_bug.cgi?id=2061208	external
https://bugzilla.redhat.com/show_bug.cgi?id=2061723	external
https://bugzilla.redhat.com/show_bug.cgi?id=2063540	external
https://bugzilla.redhat.com/show_bug.cgi?id=2063792	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064034	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064702	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064936	external
https://bugzilla.redhat.com/show_bug.cgi?id=2065014	external
https://bugzilla.redhat.com/show_bug.cgi?id=2065019	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066768	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067246	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069287	external
https://bugzilla.redhat.com/show_bug.cgi?id=2069388	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070366	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070864	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071488	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071549	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071611	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071921	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073669	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073679	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2074337	external
https://bugzilla.redhat.com/show_bug.cgi?id=2075200	external
https://bugzilla.redhat.com/show_bug.cgi?id=2075409	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076292	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076379	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076790	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076908	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2078700	external
https://bugzilla.redhat.com/show_bug.cgi?id=2078703	external
https://bugzilla.redhat.com/show_bug.cgi?id=2078709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2078728	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079366	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2079783	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080132	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080155	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080547	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080833	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080835	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081182	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081202	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081409	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081671	external
https://bugzilla.redhat.com/show_bug.cgi?id=2081831	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082008	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082164	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082912	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083093	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083097	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083100	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083101	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083135	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083595	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084102	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084122	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084418	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084431	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084476	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084610	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085320	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085322	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086272	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086278	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086281	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086286	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086293	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086294	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086303	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086486	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086488	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086769	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086803	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086825	external
https://bugzilla.redhat.com/show_bug.cgi?id=2086849	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087188	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087189	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087232	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087546	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087547	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087570	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087577	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087578	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087583	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087584	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087587	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087589	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087590	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087593	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087603	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087616	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087701	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087717	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088034	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088355	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088361	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088379	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088471	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088472	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088477	external
https://bugzilla.redhat.com/show_bug.cgi?id=2088849	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089078	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089271	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089327	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089376	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089477	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089700	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089745	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089825	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089836	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089840	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089877	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089932	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089942	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089954	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089963	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089967	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089972	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089979	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090035	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090036	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090037	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090038	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090042	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090043	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090046	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090048	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090054	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090055	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090056	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090057	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090059	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090064	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090066	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090068	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090131	external
https://bugzilla.redhat.com/show_bug.cgi?id=2090350	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091003	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091058	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091309	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091406	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091754	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091755	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091756	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091758	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091760	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091761	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091762	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091765	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091766	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091853	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091863	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091868	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091889	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091897	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091904	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091911	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091940	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091945	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091946	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091982	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092048	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092052	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092071	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092079	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092158	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092228	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092230	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092306	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092337	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092359	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092654	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092662	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092663	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092664	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092781	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092783	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092787	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092951	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093282	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093691	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093715	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093716	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093772	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093773	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093866	external
https://bugzilla.redhat.com/show_bug.cgi?id=2093867	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094202	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094207	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094208	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094217	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094222	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094323	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094405	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094440	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094451	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094453	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094471	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094481	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094486	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094491	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094646	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094665	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094727	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094807	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094813	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095125	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095129	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095224	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095529	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095530	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095537	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095570	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095573	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095953	external
https://bugzilla.redhat.com/show_bug.cgi?id=2095955	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096166	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096206	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096208	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096333	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096492	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096502	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096510	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096511	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096620	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096781	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096801	external
https://bugzilla.redhat.com/show_bug.cgi?id=2096845	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097328	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097370	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097586	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098134	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098135	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098282	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099443	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099533	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099535	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099539	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099608	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099633	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099802	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100054	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100284	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100415	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101164	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101192	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101430	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101454	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101485	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101628	external
https://bugzilla.redhat.com/show_bug.cgi?id=2101954	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102076	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102116	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102122	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102124	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102125	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102127	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102129	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102131	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102135	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102143	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102256	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102448	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102543	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102544	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102545	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104617	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106175	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106258	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110178	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111359	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111562	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-38561	self
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://www.cve.org/CVERecord?id=CVE-2021-38561	external
https://nvd.nist.gov/vuln/detail/CVE-2021-38561	external
https://pkg.go.dev/vuln/GO-2021-0113	external
https://access.redhat.com/security/cve/CVE-2021-44716	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030801	external
https://www.cve.org/CVERecord?id=CVE-2021-44716	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44716	external
https://groups.google.com/g/golang-announce/c/hcm…	external
https://access.redhat.com/security/cve/CVE-2021-44717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2030806	external
https://www.cve.org/CVERecord?id=CVE-2021-44717	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44717	external
https://access.redhat.com/security/cve/CVE-2022-1798	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117872	external
https://www.cve.org/CVERecord?id=CVE-2022-1798	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1798	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-21698	self
https://bugzilla.redhat.com/show_bug.cgi?id=2045880	external
https://www.cve.org/CVERecord?id=CVE-2022-21698	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21698	external
https://github.com/prometheus/client_golang/secur…	external
https://access.redhat.com/security/cve/CVE-2022-23772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://www.cve.org/CVERecord?id=CVE-2022-23772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23772	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-27191	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064702	external
https://www.cve.org/CVERecord?id=CVE-2022-27191	external
https://nvd.nist.gov/vuln/detail/CVE-2022-27191	external
https://groups.google.com/g/golang-announce/c/-cp…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external

Acknowledgments

NCC Group Oliver Brooks and James Klopchic

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6526",
        "url": "https://access.redhat.com/errata/RHSA-2022:6526"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1937609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609"
      },
      {
        "category": "external",
        "summary": "1945593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593"
      },
      {
        "category": "external",
        "summary": "1968514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514"
      },
      {
        "category": "external",
        "summary": "1993109",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109"
      },
      {
        "category": "external",
        "summary": "1994604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604"
      },
      {
        "category": "external",
        "summary": "2001385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385"
      },
      {
        "category": "external",
        "summary": "2009793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793"
      },
      {
        "category": "external",
        "summary": "2010318",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318"
      },
      {
        "category": "external",
        "summary": "2025276",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276"
      },
      {
        "category": "external",
        "summary": "2025401",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401"
      },
      {
        "category": "external",
        "summary": "2026357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357"
      },
      {
        "category": "external",
        "summary": "2029349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349"
      },
      {
        "category": "external",
        "summary": "2030801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
      },
      {
        "category": "external",
        "summary": "2030806",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
      },
      {
        "category": "external",
        "summary": "2031857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857"
      },
      {
        "category": "external",
        "summary": "2033077",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077"
      },
      {
        "category": "external",
        "summary": "2035344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344"
      },
      {
        "category": "external",
        "summary": "2036676",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676"
      },
      {
        "category": "external",
        "summary": "2039976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976"
      },
      {
        "category": "external",
        "summary": "2040766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766"
      },
      {
        "category": "external",
        "summary": "2041467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467"
      },
      {
        "category": "external",
        "summary": "2042402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402"
      },
      {
        "category": "external",
        "summary": "2042809",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809"
      },
      {
        "category": "external",
        "summary": "2045086",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086"
      },
      {
        "category": "external",
        "summary": "2045880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
      },
      {
        "category": "external",
        "summary": "2047186",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186"
      },
      {
        "category": "external",
        "summary": "2051899",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899"
      },
      {
        "category": "external",
        "summary": "2052094",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094"
      },
      {
        "category": "external",
        "summary": "2052466",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466"
      },
      {
        "category": "external",
        "summary": "2052689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "external",
        "summary": "2053532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
      },
      {
        "category": "external",
        "summary": "2053541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
      },
      {
        "category": "external",
        "summary": "2056467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467"
      },
      {
        "category": "external",
        "summary": "2057157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157"
      },
      {
        "category": "external",
        "summary": "2057310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310"
      },
      {
        "category": "external",
        "summary": "2058149",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149"
      },
      {
        "category": "external",
        "summary": "2058925",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925"
      },
      {
        "category": "external",
        "summary": "2059121",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121"
      },
      {
        "category": "external",
        "summary": "2060485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485"
      },
      {
        "category": "external",
        "summary": "2060585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585"
      },
      {
        "category": "external",
        "summary": "2061208",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208"
      },
      {
        "category": "external",
        "summary": "2061723",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723"
      },
      {
        "category": "external",
        "summary": "2063540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540"
      },
      {
        "category": "external",
        "summary": "2063792",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792"
      },
      {
        "category": "external",
        "summary": "2064034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034"
      },
      {
        "category": "external",
        "summary": "2064702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2064936",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936"
      },
      {
        "category": "external",
        "summary": "2065014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014"
      },
      {
        "category": "external",
        "summary": "2065019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019"
      },
      {
        "category": "external",
        "summary": "2066768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768"
      },
      {
        "category": "external",
        "summary": "2067246",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246"
      },
      {
        "category": "external",
        "summary": "2069287",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287"
      },
      {
        "category": "external",
        "summary": "2069388",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388"
      },
      {
        "category": "external",
        "summary": "2070366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
      },
      {
        "category": "external",
        "summary": "2070864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864"
      },
      {
        "category": "external",
        "summary": "2071488",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488"
      },
      {
        "category": "external",
        "summary": "2071549",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549"
      },
      {
        "category": "external",
        "summary": "2071611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611"
      },
      {
        "category": "external",
        "summary": "2071921",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921"
      },
      {
        "category": "external",
        "summary": "2073669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669"
      },
      {
        "category": "external",
        "summary": "2073679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679"
      },
      {
        "category": "external",
        "summary": "2073982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982"
      },
      {
        "category": "external",
        "summary": "2074337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337"
      },
      {
        "category": "external",
        "summary": "2075200",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200"
      },
      {
        "category": "external",
        "summary": "2075409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409"
      },
      {
        "category": "external",
        "summary": "2076292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292"
      },
      {
        "category": "external",
        "summary": "2076379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379"
      },
      {
        "category": "external",
        "summary": "2076790",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790"
      },
      {
        "category": "external",
        "summary": "2076908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2078700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700"
      },
      {
        "category": "external",
        "summary": "2078703",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703"
      },
      {
        "category": "external",
        "summary": "2078709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709"
      },
      {
        "category": "external",
        "summary": "2078728",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728"
      },
      {
        "category": "external",
        "summary": "2079366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366"
      },
      {
        "category": "external",
        "summary": "2079674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674"
      },
      {
        "category": "external",
        "summary": "2079783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783"
      },
      {
        "category": "external",
        "summary": "2080132",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132"
      },
      {
        "category": "external",
        "summary": "2080155",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155"
      },
      {
        "category": "external",
        "summary": "2080547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547"
      },
      {
        "category": "external",
        "summary": "2080833",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833"
      },
      {
        "category": "external",
        "summary": "2080835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835"
      },
      {
        "category": "external",
        "summary": "2081182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182"
      },
      {
        "category": "external",
        "summary": "2081202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202"
      },
      {
        "category": "external",
        "summary": "2081409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409"
      },
      {
        "category": "external",
        "summary": "2081671",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671"
      },
      {
        "category": "external",
        "summary": "2081831",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831"
      },
      {
        "category": "external",
        "summary": "2082008",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008"
      },
      {
        "category": "external",
        "summary": "2082164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164"
      },
      {
        "category": "external",
        "summary": "2082912",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912"
      },
      {
        "category": "external",
        "summary": "2083093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093"
      },
      {
        "category": "external",
        "summary": "2083097",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097"
      },
      {
        "category": "external",
        "summary": "2083100",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100"
      },
      {
        "category": "external",
        "summary": "2083101",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101"
      },
      {
        "category": "external",
        "summary": "2083135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135"
      },
      {
        "category": "external",
        "summary": "2083256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256"
      },
      {
        "category": "external",
        "summary": "2083595",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595"
      },
      {
        "category": "external",
        "summary": "2084102",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102"
      },
      {
        "category": "external",
        "summary": "2084122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122"
      },
      {
        "category": "external",
        "summary": "2084418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418"
      },
      {
        "category": "external",
        "summary": "2084431",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431"
      },
      {
        "category": "external",
        "summary": "2084476",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476"
      },
      {
        "category": "external",
        "summary": "2084532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532"
      },
      {
        "category": "external",
        "summary": "2084610",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610"
      },
      {
        "category": "external",
        "summary": "2085320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320"
      },
      {
        "category": "external",
        "summary": "2085322",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322"
      },
      {
        "category": "external",
        "summary": "2086272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272"
      },
      {
        "category": "external",
        "summary": "2086278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278"
      },
      {
        "category": "external",
        "summary": "2086281",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281"
      },
      {
        "category": "external",
        "summary": "2086286",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286"
      },
      {
        "category": "external",
        "summary": "2086293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293"
      },
      {
        "category": "external",
        "summary": "2086294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294"
      },
      {
        "category": "external",
        "summary": "2086303",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303"
      },
      {
        "category": "external",
        "summary": "2086479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479"
      },
      {
        "category": "external",
        "summary": "2086486",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486"
      },
      {
        "category": "external",
        "summary": "2086488",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488"
      },
      {
        "category": "external",
        "summary": "2086769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769"
      },
      {
        "category": "external",
        "summary": "2086803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803"
      },
      {
        "category": "external",
        "summary": "2086825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825"
      },
      {
        "category": "external",
        "summary": "2086849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849"
      },
      {
        "category": "external",
        "summary": "2087188",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188"
      },
      {
        "category": "external",
        "summary": "2087189",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189"
      },
      {
        "category": "external",
        "summary": "2087232",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232"
      },
      {
        "category": "external",
        "summary": "2087546",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546"
      },
      {
        "category": "external",
        "summary": "2087547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547"
      },
      {
        "category": "external",
        "summary": "2087559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559"
      },
      {
        "category": "external",
        "summary": "2087566",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566"
      },
      {
        "category": "external",
        "summary": "2087570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570"
      },
      {
        "category": "external",
        "summary": "2087577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577"
      },
      {
        "category": "external",
        "summary": "2087578",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578"
      },
      {
        "category": "external",
        "summary": "2087582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582"
      },
      {
        "category": "external",
        "summary": "2087583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583"
      },
      {
        "category": "external",
        "summary": "2087584",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584"
      },
      {
        "category": "external",
        "summary": "2087587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587"
      },
      {
        "category": "external",
        "summary": "2087589",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589"
      },
      {
        "category": "external",
        "summary": "2087590",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590"
      },
      {
        "category": "external",
        "summary": "2087593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593"
      },
      {
        "category": "external",
        "summary": "2087603",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603"
      },
      {
        "category": "external",
        "summary": "2087616",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616"
      },
      {
        "category": "external",
        "summary": "2087701",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701"
      },
      {
        "category": "external",
        "summary": "2087717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717"
      },
      {
        "category": "external",
        "summary": "2088034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034"
      },
      {
        "category": "external",
        "summary": "2088355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355"
      },
      {
        "category": "external",
        "summary": "2088361",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361"
      },
      {
        "category": "external",
        "summary": "2088379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379"
      },
      {
        "category": "external",
        "summary": "2088407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407"
      },
      {
        "category": "external",
        "summary": "2088471",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471"
      },
      {
        "category": "external",
        "summary": "2088472",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472"
      },
      {
        "category": "external",
        "summary": "2088477",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477"
      },
      {
        "category": "external",
        "summary": "2088849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849"
      },
      {
        "category": "external",
        "summary": "2089078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078"
      },
      {
        "category": "external",
        "summary": "2089271",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271"
      },
      {
        "category": "external",
        "summary": "2089327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327"
      },
      {
        "category": "external",
        "summary": "2089376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376"
      },
      {
        "category": "external",
        "summary": "2089477",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477"
      },
      {
        "category": "external",
        "summary": "2089700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700"
      },
      {
        "category": "external",
        "summary": "2089745",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745"
      },
      {
        "category": "external",
        "summary": "2089789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789"
      },
      {
        "category": "external",
        "summary": "2089825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825"
      },
      {
        "category": "external",
        "summary": "2089836",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836"
      },
      {
        "category": "external",
        "summary": "2089840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840"
      },
      {
        "category": "external",
        "summary": "2089877",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877"
      },
      {
        "category": "external",
        "summary": "2089932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932"
      },
      {
        "category": "external",
        "summary": "2089942",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942"
      },
      {
        "category": "external",
        "summary": "2089954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954"
      },
      {
        "category": "external",
        "summary": "2089963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963"
      },
      {
        "category": "external",
        "summary": "2089967",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967"
      },
      {
        "category": "external",
        "summary": "2089970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970"
      },
      {
        "category": "external",
        "summary": "2089972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972"
      },
      {
        "category": "external",
        "summary": "2089979",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979"
      },
      {
        "category": "external",
        "summary": "2089982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982"
      },
      {
        "category": "external",
        "summary": "2090035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035"
      },
      {
        "category": "external",
        "summary": "2090036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036"
      },
      {
        "category": "external",
        "summary": "2090037",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037"
      },
      {
        "category": "external",
        "summary": "2090038",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038"
      },
      {
        "category": "external",
        "summary": "2090042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042"
      },
      {
        "category": "external",
        "summary": "2090043",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043"
      },
      {
        "category": "external",
        "summary": "2090046",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046"
      },
      {
        "category": "external",
        "summary": "2090048",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048"
      },
      {
        "category": "external",
        "summary": "2090054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054"
      },
      {
        "category": "external",
        "summary": "2090055",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055"
      },
      {
        "category": "external",
        "summary": "2090056",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056"
      },
      {
        "category": "external",
        "summary": "2090057",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057"
      },
      {
        "category": "external",
        "summary": "2090059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059"
      },
      {
        "category": "external",
        "summary": "2090064",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064"
      },
      {
        "category": "external",
        "summary": "2090066",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066"
      },
      {
        "category": "external",
        "summary": "2090068",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068"
      },
      {
        "category": "external",
        "summary": "2090131",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131"
      },
      {
        "category": "external",
        "summary": "2090350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350"
      },
      {
        "category": "external",
        "summary": "2091003",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003"
      },
      {
        "category": "external",
        "summary": "2091058",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058"
      },
      {
        "category": "external",
        "summary": "2091309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309"
      },
      {
        "category": "external",
        "summary": "2091406",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406"
      },
      {
        "category": "external",
        "summary": "2091754",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754"
      },
      {
        "category": "external",
        "summary": "2091755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755"
      },
      {
        "category": "external",
        "summary": "2091756",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756"
      },
      {
        "category": "external",
        "summary": "2091758",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758"
      },
      {
        "category": "external",
        "summary": "2091760",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760"
      },
      {
        "category": "external",
        "summary": "2091761",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761"
      },
      {
        "category": "external",
        "summary": "2091762",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762"
      },
      {
        "category": "external",
        "summary": "2091764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764"
      },
      {
        "category": "external",
        "summary": "2091765",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765"
      },
      {
        "category": "external",
        "summary": "2091766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766"
      },
      {
        "category": "external",
        "summary": "2091853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853"
      },
      {
        "category": "external",
        "summary": "2091863",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863"
      },
      {
        "category": "external",
        "summary": "2091868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868"
      },
      {
        "category": "external",
        "summary": "2091889",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889"
      },
      {
        "category": "external",
        "summary": "2091897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897"
      },
      {
        "category": "external",
        "summary": "2091904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904"
      },
      {
        "category": "external",
        "summary": "2091911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911"
      },
      {
        "category": "external",
        "summary": "2091940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940"
      },
      {
        "category": "external",
        "summary": "2091945",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945"
      },
      {
        "category": "external",
        "summary": "2091946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946"
      },
      {
        "category": "external",
        "summary": "2091982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982"
      },
      {
        "category": "external",
        "summary": "2092048",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048"
      },
      {
        "category": "external",
        "summary": "2092052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052"
      },
      {
        "category": "external",
        "summary": "2092071",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071"
      },
      {
        "category": "external",
        "summary": "2092079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079"
      },
      {
        "category": "external",
        "summary": "2092158",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158"
      },
      {
        "category": "external",
        "summary": "2092228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228"
      },
      {
        "category": "external",
        "summary": "2092230",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230"
      },
      {
        "category": "external",
        "summary": "2092306",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306"
      },
      {
        "category": "external",
        "summary": "2092337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337"
      },
      {
        "category": "external",
        "summary": "2092359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359"
      },
      {
        "category": "external",
        "summary": "2092654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654"
      },
      {
        "category": "external",
        "summary": "2092662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662"
      },
      {
        "category": "external",
        "summary": "2092663",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663"
      },
      {
        "category": "external",
        "summary": "2092664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664"
      },
      {
        "category": "external",
        "summary": "2092781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781"
      },
      {
        "category": "external",
        "summary": "2092783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783"
      },
      {
        "category": "external",
        "summary": "2092787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787"
      },
      {
        "category": "external",
        "summary": "2092789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789"
      },
      {
        "category": "external",
        "summary": "2092951",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951"
      },
      {
        "category": "external",
        "summary": "2093282",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282"
      },
      {
        "category": "external",
        "summary": "2093691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691"
      },
      {
        "category": "external",
        "summary": "2093713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713"
      },
      {
        "category": "external",
        "summary": "2093715",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715"
      },
      {
        "category": "external",
        "summary": "2093716",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716"
      },
      {
        "category": "external",
        "summary": "2093772",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772"
      },
      {
        "category": "external",
        "summary": "2093773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773"
      },
      {
        "category": "external",
        "summary": "2093866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866"
      },
      {
        "category": "external",
        "summary": "2093867",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867"
      },
      {
        "category": "external",
        "summary": "2094202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
      },
      {
        "category": "external",
        "summary": "2094207",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207"
      },
      {
        "category": "external",
        "summary": "2094208",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208"
      },
      {
        "category": "external",
        "summary": "2094217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217"
      },
      {
        "category": "external",
        "summary": "2094222",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222"
      },
      {
        "category": "external",
        "summary": "2094323",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323"
      },
      {
        "category": "external",
        "summary": "2094405",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405"
      },
      {
        "category": "external",
        "summary": "2094440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440"
      },
      {
        "category": "external",
        "summary": "2094451",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451"
      },
      {
        "category": "external",
        "summary": "2094453",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453"
      },
      {
        "category": "external",
        "summary": "2094465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465"
      },
      {
        "category": "external",
        "summary": "2094471",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471"
      },
      {
        "category": "external",
        "summary": "2094481",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481"
      },
      {
        "category": "external",
        "summary": "2094486",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486"
      },
      {
        "category": "external",
        "summary": "2094491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491"
      },
      {
        "category": "external",
        "summary": "2094495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495"
      },
      {
        "category": "external",
        "summary": "2094646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646"
      },
      {
        "category": "external",
        "summary": "2094665",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665"
      },
      {
        "category": "external",
        "summary": "2094678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678"
      },
      {
        "category": "external",
        "summary": "2094727",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727"
      },
      {
        "category": "external",
        "summary": "2094807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807"
      },
      {
        "category": "external",
        "summary": "2094813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813"
      },
      {
        "category": "external",
        "summary": "2094848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848"
      },
      {
        "category": "external",
        "summary": "2095125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125"
      },
      {
        "category": "external",
        "summary": "2095129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129"
      },
      {
        "category": "external",
        "summary": "2095224",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224"
      },
      {
        "category": "external",
        "summary": "2095529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529"
      },
      {
        "category": "external",
        "summary": "2095530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530"
      },
      {
        "category": "external",
        "summary": "2095532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532"
      },
      {
        "category": "external",
        "summary": "2095537",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537"
      },
      {
        "category": "external",
        "summary": "2095570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570"
      },
      {
        "category": "external",
        "summary": "2095573",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573"
      },
      {
        "category": "external",
        "summary": "2095953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953"
      },
      {
        "category": "external",
        "summary": "2095955",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955"
      },
      {
        "category": "external",
        "summary": "2096166",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166"
      },
      {
        "category": "external",
        "summary": "2096206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206"
      },
      {
        "category": "external",
        "summary": "2096208",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208"
      },
      {
        "category": "external",
        "summary": "2096263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263"
      },
      {
        "category": "external",
        "summary": "2096333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333"
      },
      {
        "category": "external",
        "summary": "2096492",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492"
      },
      {
        "category": "external",
        "summary": "2096502",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502"
      },
      {
        "category": "external",
        "summary": "2096510",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510"
      },
      {
        "category": "external",
        "summary": "2096511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511"
      },
      {
        "category": "external",
        "summary": "2096620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620"
      },
      {
        "category": "external",
        "summary": "2096781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781"
      },
      {
        "category": "external",
        "summary": "2096801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801"
      },
      {
        "category": "external",
        "summary": "2096845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845"
      },
      {
        "category": "external",
        "summary": "2097328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328"
      },
      {
        "category": "external",
        "summary": "2097370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370"
      },
      {
        "category": "external",
        "summary": "2097465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465"
      },
      {
        "category": "external",
        "summary": "2097586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
      },
      {
        "category": "external",
        "summary": "2098134",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134"
      },
      {
        "category": "external",
        "summary": "2098135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135"
      },
      {
        "category": "external",
        "summary": "2098282",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282"
      },
      {
        "category": "external",
        "summary": "2099443",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443"
      },
      {
        "category": "external",
        "summary": "2099533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533"
      },
      {
        "category": "external",
        "summary": "2099535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535"
      },
      {
        "category": "external",
        "summary": "2099539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539"
      },
      {
        "category": "external",
        "summary": "2099566",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566"
      },
      {
        "category": "external",
        "summary": "2099608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608"
      },
      {
        "category": "external",
        "summary": "2099633",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633"
      },
      {
        "category": "external",
        "summary": "2099639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639"
      },
      {
        "category": "external",
        "summary": "2099802",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802"
      },
      {
        "category": "external",
        "summary": "2100054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054"
      },
      {
        "category": "external",
        "summary": "2100284",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284"
      },
      {
        "category": "external",
        "summary": "2100415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415"
      },
      {
        "category": "external",
        "summary": "2100495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
      },
      {
        "category": "external",
        "summary": "2101164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
      },
      {
        "category": "external",
        "summary": "2101192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192"
      },
      {
        "category": "external",
        "summary": "2101430",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
      },
      {
        "category": "external",
        "summary": "2101454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
      },
      {
        "category": "external",
        "summary": "2101485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485"
      },
      {
        "category": "external",
        "summary": "2101628",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
      },
      {
        "category": "external",
        "summary": "2101954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954"
      },
      {
        "category": "external",
        "summary": "2102076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076"
      },
      {
        "category": "external",
        "summary": "2102116",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116"
      },
      {
        "category": "external",
        "summary": "2102117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117"
      },
      {
        "category": "external",
        "summary": "2102122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122"
      },
      {
        "category": "external",
        "summary": "2102124",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124"
      },
      {
        "category": "external",
        "summary": "2102125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
      },
      {
        "category": "external",
        "summary": "2102127",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127"
      },
      {
        "category": "external",
        "summary": "2102129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129"
      },
      {
        "category": "external",
        "summary": "2102131",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131"
      },
      {
        "category": "external",
        "summary": "2102135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135"
      },
      {
        "category": "external",
        "summary": "2102143",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143"
      },
      {
        "category": "external",
        "summary": "2102256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
      },
      {
        "category": "external",
        "summary": "2102448",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
      },
      {
        "category": "external",
        "summary": "2102543",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543"
      },
      {
        "category": "external",
        "summary": "2102544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544"
      },
      {
        "category": "external",
        "summary": "2102545",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545"
      },
      {
        "category": "external",
        "summary": "2104617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617"
      },
      {
        "category": "external",
        "summary": "2106175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
      },
      {
        "category": "external",
        "summary": "2106258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258"
      },
      {
        "category": "external",
        "summary": "2110178",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178"
      },
      {
        "category": "external",
        "summary": "2111359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359"
      },
      {
        "category": "external",
        "summary": "2111562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562"
      },
      {
        "category": "external",
        "summary": "2117872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:37:46+00:00",
      "generator": {
        "date": "2026-06-02T17:37:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6526",
      "initial_release_date": "2022-09-14T19:28:51+00:00",
      "revision_history": [
        {
          "date": "2022-09-14T19:28:51+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-09-14T19:28:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:37:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.11 for RHEL 8",
                "product": {
                  "name": "CNV 4.11 for RHEL 8",
                  "product_id": "8Base-CNV-4.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
                "product": {
                  "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
                  "product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
                  "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
                  "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64"
        },
        "product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        },
        "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2022-06-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2100495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "RHBZ#2100495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2021-0113",
          "url": "https://pkg.go.dev/vuln/GO-2021-0113"
        }
      ],
      "release_date": "2021-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
    },
    {
      "cve": "CVE-2021-44716",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: limit growth of header canonicalization cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/http: limit growth of header canonicalization cache"
    },
    {
      "cve": "CVE-2021-44717",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030806"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030806",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
          "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        },
        {
          "category": "workaround",
          "details": "This bug can be mitigated by raising the per-process file descriptor limit.",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Oliver Brooks and James Klopchic"
          ],
          "organization": "NCC Group"
        }
      ],
      "cve": "CVE-2022-1798",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-08-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
        }
      ],
      "release_date": "2022-08-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
    },
    {
      "cve": "CVE-2022-21698",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2022-01-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2045880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "RHBZ#2045880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
        },
        {
          "category": "external",
          "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
          "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
        }
      ],
      "release_date": "2022-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
    },
    {
      "cve": "CVE-2022-23772",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
    },
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-27191",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crash in a golang.org/x/crypto/ssh server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-27191"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
        }
      ],
      "release_date": "2022-03-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crash in a golang.org/x/crypto/ssh server"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-14T19:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6526"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    }
  ]
}

RHSA-2022:6714

Vulnerability from csaf_redhat - Published: 2022-09-26 15:26 - Updated: 2026-06-05 06:24

Summary

Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Severity

Moderate

Notes

Topic: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Release of RHACS 3.72 provides these changes: New features * Automatic removal of nonactive clusters from RHACS: RHACS provides the ability to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. * Support for unauthenticated email integration: RHACS now supports unauthenticated SMTP for email integrations. This is insecure and not recommended. * Support for Quay robot accounts: RHACS now supports use of robot accounts in quay.io integrations. You can create robot accounts in Quay that allow you to share credentials for use in multiple repositories. * Ability to view Dockerfile lines in images that introduced components with Common Vulnerabilities and Exposures (CVEs): In the Images view, under Image Findings, you can view individual lines in the Dockerfile that introduced the components that have been identified as containing CVEs. * Network graph improvements: RHACS 3.72 includes some improvements to the Network Graph user interface. Known issue * RHACS shows the wrong severity when two severities exist for a single vulnerability in a single distribution. This issue occurs because RHACS scopes severities by namespace rather than component. There is no workaround. It is anticipated that an upcoming release will include a fix for this issue. (ROX-12527) Bug fixes * Before this update, the steps to configure OpenShift Container Platform OAuth for more than one URI were missing. The documentation has been revised to include instructions for configuring OAuth in OpenShift Container Platform to use more than one URI. For more information, see Creating additional routes for the OpenShift Container Platform OAuth server. (ROX-11296) * Before this update, the autogenerated image integration, such as a Docker registry integration, for a cluster is not deleted when the cluster is removed from Central. This issue is fixed. (ROX-9398) * Before this update, the Image OS policy criteria did not support regular expressions, or regex. However, the documentation indicated that regular expressions were supported. This issue is fixed by adding support for regular expressions for the Image OS policy criteria. (ROX-12301) * Before this update, the syslog integration did not respect a configured TCP proxy. This is now fixed. * Before this update, the scanner-db pod failed to start when a resource quota was set for the stackrox namespace, because the init-db container in the pod did not have any resources assigned to it. The init-db container for ScannerDB now specifies resource requests and limits that match the db container. (ROX-12291) Notable technical changes * Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally available (GA). RHACS 3.72 introduces support for analyzing images built with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux (RHEL) 9 RPMs for vulnerabilities. * Policy for CVEs with fixable CVSS of 6 or greater disabled by default: Beginning with this release, the Fixable CVSS >= 6 and Privileged policy is no longer enabled by default for new RHACS installations. The configuration of this policy is not changed when upgrading an existing system. A new policy Privileged Containers with Important and Critical Fixable CVEs, which gives an alert for containers running in privileged mode that have important or critical fixable vulnerabilities, has been added. Security Fix(es) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64		—

Threats

Impact Moderate

CVE-2022-24921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64		—

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64		—

Threats

Impact Moderate

CVE-2022-29526

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64		—
Unresolved product id: 8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64		—

Threats

Impact Moderate

References

34 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6714	self
https://access.redhat.com/security/updates/classi…	external
https://docs.openshift.com/acs/3.72/release_notes…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://groups.google.com/g/golang-announce/c/nqr…	external

Acknowledgments

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of RHACS 3.72 provides these changes:\n\nNew features\n* Automatic removal of nonactive clusters from RHACS: RHACS provides the ability to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. \n* Support for unauthenticated email integration: RHACS now supports unauthenticated SMTP for email integrations. This is insecure and not recommended.\n* Support for Quay robot accounts: RHACS now supports use of robot accounts in quay.io integrations. You can create robot accounts in Quay that allow you to share credentials for use in multiple repositories.\n* Ability to view Dockerfile lines in images that introduced components with Common Vulnerabilities and Exposures (CVEs): In the Images view, under Image Findings, you can view individual lines in the Dockerfile that introduced the components that have been identified as containing CVEs.\n* Network graph improvements: RHACS 3.72 includes some improvements to the Network Graph user interface.\n\nKnown issue\n* RHACS shows the wrong severity when two severities exist for a single vulnerability in a single distribution. This issue occurs because RHACS scopes severities by namespace rather than component. There is no workaround. It is anticipated that an upcoming release will include a fix for this issue. (ROX-12527)\n\nBug fixes\n* Before this update, the steps to configure OpenShift Container Platform OAuth for more than one URI were missing. The documentation has been revised to include instructions for configuring OAuth in OpenShift Container Platform to use more than one URI. For more information, see Creating additional routes for the OpenShift Container Platform OAuth server. (ROX-11296)\n* Before this update, the autogenerated image integration, such as a Docker registry integration, for a cluster is not deleted when the cluster is removed from Central. This issue is fixed. (ROX-9398)\n* Before this update, the Image OS policy criteria did not support regular expressions, or regex. However, the documentation indicated that regular expressions were supported. This issue is fixed by adding support for regular expressions for the Image OS policy criteria. (ROX-12301)\n* Before this update, the syslog integration did not respect a configured TCP proxy. This is now fixed.\n* Before this update, the scanner-db pod failed to start when a resource quota was set for the stackrox namespace, because the init-db container in the pod did not have any resources assigned to it. The init-db container for ScannerDB now specifies resource requests and limits that match the db container. (ROX-12291)\n\nNotable technical changes\n* Scanning support for Red Hat Enterprise Linux 9: RHEL 9 is now generally available (GA). RHACS 3.72 introduces support for analyzing images built with Red Hat Universal Base Image (UBI) 9 and Red Hat Enterprise Linux (RHEL) 9 RPMs for vulnerabilities.\n* Policy for CVEs with fixable CVSS of 6 or greater disabled by default: Beginning with this release, the Fixable CVSS \u003e= 6 and Privileged policy is no longer enabled by default for new RHACS installations. The configuration of this policy is not changed when upgrading an existing system. A new policy Privileged Containers with Important and Critical Fixable CVEs, which gives an alert for containers running in privileged mode that have important or critical fixable vulnerabilities, has been added.\n\nSecurity Fix(es)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6714",
        "url": "https://access.redhat.com/errata/RHSA-2022:6714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/acs/3.72/release_notes/372-release-notes.html",
        "url": "https://docs.openshift.com/acs/3.72/release_notes/372-release-notes.html"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6714.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHACS 3.72 enhancement and security update",
    "tracking": {
      "current_release_date": "2026-06-05T06:24:35+00:00",
      "generator": {
        "date": "2026-06-05T06:24:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:6714",
      "initial_release_date": "2022-09-26T15:26:11+00:00",
      "revision_history": [
        {
          "date": "2022-09-26T15:26:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-09-26T15:26:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-05T06:24:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHACS 3.72 for RHEL 8",
                "product": {
                  "name": "RHACS 3.72 for RHEL 8",
                  "product_id": "8Base-RHACS-3.72",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:advanced_cluster_security:3.72::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Cluster Security for Kubernetes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.72.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
                  "product_id": "advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
                  "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
                  "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
                  "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
                  "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.72.0-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.72.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.72.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.72.0-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64 as a component of RHACS 3.72 for RHEL 8",
          "product_id": "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.72"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-26T15:26:11+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0.",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6714"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-26T15:26:11+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0.",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6714"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-26T15:26:11+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0.",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6714"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-26T15:26:11+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0.",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6714"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
          "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-26T15:26:11+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.72 you are advised to upgrade to RHACS 3.72.0.",
          "product_ids": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6714"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-rhel8@sha256:2083d2a25f1954186a0b06ddde11215b1f21ac819f2fadb5278f2c62aad5324d_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:abeaab1e57851f3883af18464d85e776c83778a79bdd39e97d67fc05a0bbe87b_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-docs-rhel8@sha256:a17be9f88785c32bb6ab598072bae369f392b80037500947af5cd3f174daafe4_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-main-rhel8@sha256:142aeebfd057b8bf0bcc949190887a2fbc5bf160aa38e7ed70baaccf4f1438c3_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-operator-bundle@sha256:9ec13da5353f1031edc8b84ee17f00fd42c59253b2f402eec0dc5744fac1cbf5_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-rhel8-operator@sha256:12012f57ce5f5a3198288b21761b046a0090335d36eb5a6425ab547b04a82790_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:aa63f1ec9768107ef8ee6ca951589d3aba4abd0b6ebac17fd730360f06b25f36_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1e1598484dbf95e45e2b6798dc82d5d0f78a82fff0025d61736c7fdc014e915e_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8ddb34c4d25fce6e6686a51a3f8482152a48e9f9154a3142983bcdfde66e9a85_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-rhel8@sha256:39076f8d7502262d78176bda06dfa5ed69bd43a42a5cdd431434bad30dd844ba_amd64",
            "8Base-RHACS-3.72:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dd738be01a9a078d457e76cf54e2e88d112db971542a168cd4b016190cdf00e1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    }
  ]
}

RHSA-2022:7058

Vulnerability from csaf_redhat - Published: 2022-10-19 22:19 - Updated: 2026-06-02 17:37

Summary

Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Severity

Moderate

Notes

Topic: OpenShift sandboxed containers 1.3.1 is now available.

Details: OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html

CVE-2022-2832

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

22 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:7058	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2118556	external
https://issues.redhat.com/browse/KATA-1754	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-2832	self
https://bugzilla.redhat.com/show_bug.cgi?id=2118556	external
https://www.cve.org/CVERecord?id=CVE-2022-2832	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2832	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://groups.google.com/g/golang-announce/c/nqr…	external

Acknowledgments

sangjun

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift sandboxed containers 1.3.1 is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with  security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7058",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2118556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
      },
      {
        "category": "external",
        "summary": "KATA-1754",
        "url": "https://issues.redhat.com/browse/KATA-1754"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7058.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:37:51+00:00",
      "generator": {
        "date": "2026-06-02T17:37:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:7058",
      "initial_release_date": "2022-10-19T22:19:53+00:00",
      "revision_history": [
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:37:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Sandboxed Containers 1.3",
                "product": {
                  "name": "OpenShift Sandboxed Containers 1.3",
                  "product_id": "8Base-OSE-OSC-1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1.3.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8\u0026tag=1.3.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel8\u0026tag=1.3.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle\u0026tag=1.3.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel8-operator\u0026tag=1.3.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "sangjun"
          ]
        }
      ],
      "cve": "CVE-2022-2832",
      "cwe": {
        "id": "CWE-395",
        "name": "Use of NullPointerException Catch to Detect NULL Pointer Dereference"
      },
      "discovery_date": "2022-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2118556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "blender: Null pointer reference in blender thumbnail extractor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2118556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
        }
      ],
      "release_date": "2022-08-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "blender: Null pointer reference in blender thumbnail extractor"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    }
  ]
}

RHSA-2022:8750

Vulnerability from csaf_redhat - Published: 2022-12-01 21:09 - Updated: 2026-06-02 17:38

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Security Fix(es): * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191) * Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177) * Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391) * [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225) * Fedora version in DataImportCrons is not 'latest' (BZ#2102694) * [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407) * CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562) * Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643) * Unable to start windows VMs on PSI setups (BZ#2115371) * [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997) * Mark Windows 11 as TechPreview (BZ#2129013) * 4.11.1 rpms (BZ#2139453) This advisory contains the following OpenShift Virtualization 4.11.1 images. RHEL-8-CNV-4.11 virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

CVE-2021-38561

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64		—
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64		—

Threats

Impact Moderate

CVE-2022-24921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 14 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64	—	Vendor Fix fix

Threats

Impact Low

References

51 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:8750	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2033191	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2070772	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2087177	external
https://bugzilla.redhat.com/show_bug.cgi?id=2089391	external
https://bugzilla.redhat.com/show_bug.cgi?id=2091856	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098225	external
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102694	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109407	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110562	external
https://bugzilla.redhat.com/show_bug.cgi?id=2112643	external
https://bugzilla.redhat.com/show_bug.cgi?id=2115371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2119613	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128554	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2128997	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129013	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129235	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134668	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139453	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-38561	self
https://bugzilla.redhat.com/show_bug.cgi?id=2100495	external
https://www.cve.org/CVERecord?id=CVE-2021-38561	external
https://nvd.nist.gov/vuln/detail/CVE-2021-38561	external
https://pkg.go.dev/vuln/GO-2021-0113	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1 images.\n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:8750",
        "url": "https://access.redhat.com/errata/RHSA-2022:8750"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2033191",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033191"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2070772",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070772"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2087177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087177"
      },
      {
        "category": "external",
        "summary": "2089391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
      },
      {
        "category": "external",
        "summary": "2091856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2098225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098225"
      },
      {
        "category": "external",
        "summary": "2100495",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
      },
      {
        "category": "external",
        "summary": "2102694",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102694"
      },
      {
        "category": "external",
        "summary": "2109407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109407"
      },
      {
        "category": "external",
        "summary": "2110562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
      },
      {
        "category": "external",
        "summary": "2112643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112643"
      },
      {
        "category": "external",
        "summary": "2115371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115371"
      },
      {
        "category": "external",
        "summary": "2119613",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119613"
      },
      {
        "category": "external",
        "summary": "2128554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128554"
      },
      {
        "category": "external",
        "summary": "2128872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
      },
      {
        "category": "external",
        "summary": "2128997",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
      },
      {
        "category": "external",
        "summary": "2129013",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
      },
      {
        "category": "external",
        "summary": "2129235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129235"
      },
      {
        "category": "external",
        "summary": "2134668",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134668"
      },
      {
        "category": "external",
        "summary": "2139453",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139453"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8750.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:38:00+00:00",
      "generator": {
        "date": "2026-06-02T17:38:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2022:8750",
      "initial_release_date": "2022-12-01T21:09:40+00:00",
      "revision_history": [
        {
          "date": "2022-12-01T21:09:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-12-01T21:09:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:38:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.11 for RHEL 8",
                "product": {
                  "name": "CNV 4.11 for RHEL 8",
                  "product_id": "8Base-CNV-4.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
                "product": {
                  "name": "container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
                  "product_id": "container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                  "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
                  "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.1-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
                  "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.1-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64",
                  "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.1-8"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64"
        },
        "product_reference": "container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64 as a component of CNV 4.11 for RHEL 8",
          "product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        },
        "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64",
        "relates_to_product_reference": "8Base-CNV-4.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-38561",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2022-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2100495"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "RHBZ#2100495",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2021-0113",
          "url": "https://pkg.go.dev/vuln/GO-2021-0113"
        }
      ],
      "release_date": "2021-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-12-01T21:09:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:8750"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-12-01T21:09:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:8750"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-12-01T21:09:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:8750"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-12-01T21:09:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:8750"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
          "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
          "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-12-01T21:09:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:8750"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:2370dd32b3e15b4261ed6267d5233ff549bd58bf5700edecc4062cce4a2bc302_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:db4873121d15ac4ac438a101a7b7c347769922311d53e8d06b02c41e3b62ecac_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:12f988f14cd8a4f7d5fa175a488435ad571091e2544670a0509fe1027ba71cfb_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:f80bccd1ba7d922113f9f3a1506d01dd7d07ac8d70ef7c72eae497a368b6c303_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:295767815690a79bb3b08895ab8937e322769773ad4cf7a305229ab29ccea897_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:3e3a30a00b367480d3182820ba11e366d87b44ff1e626f9025ddd2c612d78e47_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:4a5362a1fa6fc22344231321616b0f5e1cec7152c73bf0d00a36df62448076ee_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:fffeced76624d73cb2fd19919726886d28fd1bf4ce22549ce0ca84ed972b9e73_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:4e0d47644f1f44e1f01902691edce9e27acfa1aeb5f2de98439acfea7596c2e9_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:53e110e700707e9f876d08a68240b6841ba5932e32b18ace1f9b8be1e575d954_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:f854b68b7443c4ed87e50132aa776e1b60bd71e888cee4e181840667858b7a90_amd64",
            "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:b55e6949adf047224f78d0eba66a5b64c787719f4236a4b4feab268071f0c015_amd64",
            "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:6fd6c7b974eabe5a710b1fa2b3aaf783fe3951112b42a0156743cb16a033b700_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    }
  ]
}

RHSA-2023:1529

Vulnerability from csaf_redhat - Published: 2023-03-30 00:42 - Updated: 2026-06-05 06:24

Summary

Red Hat Security Advisory: Service Telemetry Framework 1.5 security update

Severity

Moderate

Notes

Topic: An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Security Fix(es): * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1705

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-23772

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-23773

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-266 - Incorrect Privilege Assignment

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-23806

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-27664

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-29526

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Low

CVE-2022-30630

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-32189

An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix Workaround

Known not affected 6 products

Product	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64	—	Workaround
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64	—	Workaround
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64	—	Workaround
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64	—	Workaround
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64	—	Workaround
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64	—	Workaround

Threats

Impact Low

CVE-2022-41715

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

CVE-2022-41717

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64		—	Vendor Fix fix

Known not affected 6 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64		—
Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64		—

Threats

Impact Moderate

References

100 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1529	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092544	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2113814	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124669	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161274	external
https://bugzilla.redhat.com/show_bug.cgi?id=2176537	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-23772	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053532	external
https://www.cve.org/CVERecord?id=CVE-2022-23772	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23772	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-27664	self
https://bugzilla.redhat.com/show_bug.cgi?id=2124669	external
https://www.cve.org/CVERecord?id=CVE-2022-27664	external
https://nvd.nist.gov/vuln/detail/CVE-2022-27664	external
https://go.dev/issue/54658	external
https://groups.google.com/g/golang-announce/c/x49…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://access.redhat.com/security/cve/CVE-2022-32189	self
https://bugzilla.redhat.com/show_bug.cgi?id=2113814	external
https://www.cve.org/CVERecord?id=CVE-2022-32189	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32189	external
https://go.dev/issue/53871	external
https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU	external
https://access.redhat.com/security/cve/CVE-2022-41715	self
https://bugzilla.redhat.com/show_bug.cgi?id=2132872	external
https://www.cve.org/CVERecord?id=CVE-2022-41715	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41715	external
https://github.com/golang/go/issues/55949	external
https://groups.google.com/g/golang-announce/c/xtu…	external
https://access.redhat.com/security/cve/CVE-2022-41717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2161274	external
https://www.cve.org/CVERecord?id=CVE-2022-41717	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41717	external
https://go.dev/cl/455635	external
https://go.dev/cl/455717	external
https://go.dev/issue/56350	external
https://groups.google.com/g/golang-announce/c/L_3…	external
https://pkg.go.dev/vuln/GO-2022-1144	external

Acknowledgments

Joël Gähwiler

ADA Logics Adam Korczynski

OSS-Fuzz

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Service Telemetry Framework 1.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1529",
        "url": "https://access.redhat.com/errata/RHSA-2023:1529"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "external",
        "summary": "2053532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
      },
      {
        "category": "external",
        "summary": "2053541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2092544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092544"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2113814",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
      },
      {
        "category": "external",
        "summary": "2124669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
      },
      {
        "category": "external",
        "summary": "2132872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
      },
      {
        "category": "external",
        "summary": "2161274",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
      },
      {
        "category": "external",
        "summary": "2176537",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176537"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1529.json"
      }
    ],
    "title": "Red Hat Security Advisory: Service Telemetry Framework 1.5 security update",
    "tracking": {
      "current_release_date": "2026-06-05T06:24:43+00:00",
      "generator": {
        "date": "2026-06-05T06:24:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:1529",
      "initial_release_date": "2023-03-30T00:42:39+00:00",
      "revision_history": [
        {
          "date": "2023-03-30T00:42:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-30T00:42:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-05T06:24:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Service Telemetry Framework 1.5 for RHEL 8",
                "product": {
                  "name": "Service Telemetry Framework 1.5 for RHEL 8",
                  "product_id": "8Base-STF-1.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stf:1.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
                "product": {
                  "name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
                  "product_id": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f?arch=amd64\u0026repository_url=registry.redhat.io/stf/prometheus-webhook-snmp-rhel8\u0026tag=1.5.2-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
                "product": {
                  "name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
                  "product_id": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-operator-bundle\u0026tag=1.5.1678301890-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
                "product": {
                  "name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
                  "product_id": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-rhel8-operator\u0026tag=1.5.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
                "product": {
                  "name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
                  "product_id": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-bridge-rhel8\u0026tag=1.5.0-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
                "product": {
                  "name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
                  "product_id": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-core-rhel8\u0026tag=5.1.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
                "product": {
                  "name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
                  "product_id": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-operator-bundle\u0026tag=5.0.1678301890-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
                "product": {
                  "name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
                  "product_id": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-rhel8-operator\u0026tag=5.0.1-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64"
        },
        "product_reference": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64"
        },
        "product_reference": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64"
        },
        "product_reference": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64"
        },
        "product_reference": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        },
        "product_reference": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64"
        },
        "product_reference": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
          "product_id": "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        },
        "product_reference": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
        "relates_to_product_reference": "8Base-STF-1.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "cve": "CVE-2022-23772",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-01-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
    },
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-27664",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2124669"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: handle server errors after sending GOAWAY",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "RHBZ#2124669",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/54658",
          "url": "https://go.dev/issue/54658"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
        }
      ],
      "release_date": "2022-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: handle server errors after sending GOAWAY"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-32189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2113814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "RHBZ#2113814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53871",
          "url": "https://go.dev/issue/53871"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
          "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
        }
      ],
      "release_date": "2022-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adam Korczynski"
          ],
          "organization": "ADA Logics"
        },
        {
          "names": [
            "OSS-Fuzz"
          ]
        }
      ],
      "cve": "CVE-2022-41715",
      "discovery_date": "2022-10-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2132872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp/syntax: limit memory used by parsing regexps",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "RHBZ#2132872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/55949",
          "url": "https://github.com/golang/go/issues/55949"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
          "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
        }
      ],
      "release_date": "2022-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp/syntax: limit memory used by parsing regexps"
    },
    {
      "cve": "CVE-2022-41717",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-01-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2161274"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
        ],
        "known_not_affected": [
          "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
          "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
          "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
          "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
          "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
          "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2161274",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/455635",
          "url": "https://go.dev/cl/455635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/455717",
          "url": "https://go.dev/cl/455717"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/56350",
          "url": "https://go.dev/issue/56350"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2022-1144",
          "url": "https://pkg.go.dev/vuln/GO-2022-1144"
        }
      ],
      "release_date": "2022-11-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-30T00:42:39+00:00",
          "details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
            "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
            "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
            "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
            "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
            "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
            "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
    }
  ]
}

RHSA-2023:3642

Vulnerability from csaf_redhat - Published: 2023-06-15 15:59 - Updated: 2026-06-05 06:24

Summary

Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

Severity

Important

Notes

Topic: A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Security Fix(es): * crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912) * eventsource: Exposure of Sensitive Information (CVE-2022-1650) * grafana: stored XSS vulnerability (CVE-2022-31097) * grafana: OAuth account takeover (CVE-2022-31107) * ramda: prototype poisoning (CVE-2021-42581) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * marked: regular expression block.def may lead Denial of Service (CVE-2022-21680) * marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * grafana: plugin signature bypass (CVE-2022-31123) * grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190) * grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957) * grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201) * grafana: using email as a username can block other users from signing in (CVE-2022-39229) * grafana: email addresses and usernames cannot be trusted (CVE-2022-39306) * grafana: User enumeration via forget password (CVE-2022-39307) * grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.

CVE-2021-42581

A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-1650

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Important

CVE-2022-1705

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-2880

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-21680

A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-186 - Overly Restrictive Regular Expression

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-21681

A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-186 - Overly Restrictive Regular Expression

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-23498

A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user’s session.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 18 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2022-24675

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-24785

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix Workaround

Known not affected 15 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x	—	Workaround

Threats

Impact Moderate

CVE-2022-26148

A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-312 - Cleartext Storage of Sensitive Information

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-27664

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-28131

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-28327

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-29526

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-30629

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Low

CVE-2022-30630

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-30631

A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-30632

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-30633

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-30635

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1325 - Improperly Controlled Sequential Memory Allocation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-31097

A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix Workaround

Known not affected 15 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x	—	Workaround

Threats

Impact Important

CVE-2022-31107

A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-287 - Improper Authentication

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix Workaround

Known not affected 15 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x	—	Workaround

Threats

Impact Important

CVE-2022-31123

A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-31130

A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-32148

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-32189

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix Workaround

Known not affected 15 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64	—	Workaround
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x	—	Workaround

Threats

Impact Low

CVE-2022-32190

A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-35957

A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.

6.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-39201

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-39229

A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-39306

An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-303 - Incorrect Implementation of Authentication Algorithm

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-39307

An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-39324

A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button.

6.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE-472 - External Control of Assumed-Immutable Web Parameter

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-41715

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Moderate

CVE-2022-41912

An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le	—	Vendor Fix fix

Known not affected 15 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x		—

Threats

Impact Important

References

213 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:3642	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066563	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082705	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082706	external
https://bugzilla.redhat.com/show_bug.cgi?id=2083778	external
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://bugzilla.redhat.com/show_bug.cgi?id=2085307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104365	external
https://bugzilla.redhat.com/show_bug.cgi?id=2104367	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://bugzilla.redhat.com/show_bug.cgi?id=2113814	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124668	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124669	external
https://bugzilla.redhat.com/show_bug.cgi?id=2125514	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131146	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131147	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131148	external
https://bugzilla.redhat.com/show_bug.cgi?id=2131149	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132868	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138014	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138015	external
https://bugzilla.redhat.com/show_bug.cgi?id=2148252	external
https://bugzilla.redhat.com/show_bug.cgi?id=2149181	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168965	external
https://bugzilla.redhat.com/show_bug.cgi?id=2174461	external
https://bugzilla.redhat.com/show_bug.cgi?id=2174462	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186142	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-42581	self
https://bugzilla.redhat.com/show_bug.cgi?id=2083778	external
https://www.cve.org/CVERecord?id=CVE-2021-42581	external
https://nvd.nist.gov/vuln/detail/CVE-2021-42581	external
https://github.com/ramda/ramda/pull/3192	external
https://access.redhat.com/security/cve/CVE-2022-1650	self
https://bugzilla.redhat.com/show_bug.cgi?id=2085307	external
https://www.cve.org/CVERecord?id=CVE-2022-1650	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1650	external
https://huntr.dev/bounties/dc9e467f-be5d-4945-867…	external
https://access.redhat.com/security/cve/CVE-2022-1705	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107374	external
https://www.cve.org/CVERecord?id=CVE-2022-1705	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1705	external
https://go.dev/issue/53188	external
https://groups.google.com/g/golang-announce/c/nqr…	external
https://access.redhat.com/security/cve/CVE-2022-2880	self
https://bugzilla.redhat.com/show_bug.cgi?id=2132868	external
https://www.cve.org/CVERecord?id=CVE-2022-2880	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2880	external
https://github.com/golang/go/issues/54663	external
https://groups.google.com/g/golang-announce/c/xtu…	external
https://access.redhat.com/security/cve/CVE-2022-21680	self
https://bugzilla.redhat.com/show_bug.cgi?id=2082705	external
https://www.cve.org/CVERecord?id=CVE-2022-21680	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21680	external
https://access.redhat.com/security/cve/CVE-2022-21681	self
https://bugzilla.redhat.com/show_bug.cgi?id=2082706	external
https://www.cve.org/CVERecord?id=CVE-2022-21681	external
https://nvd.nist.gov/vuln/detail/CVE-2022-21681	external
https://access.redhat.com/security/cve/CVE-2022-23498	self
https://bugzilla.redhat.com/show_bug.cgi?id=2167266	external
https://www.cve.org/CVERecord?id=CVE-2022-23498	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23498	external
https://github.com/grafana/grafana/security/advis…	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-26148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066563	external
https://www.cve.org/CVERecord?id=CVE-2022-26148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-26148	external
https://access.redhat.com/security/cve/CVE-2022-27664	self
https://bugzilla.redhat.com/show_bug.cgi?id=2124669	external
https://www.cve.org/CVERecord?id=CVE-2022-27664	external
https://nvd.nist.gov/vuln/detail/CVE-2022-27664	external
https://go.dev/issue/54658	external
https://groups.google.com/g/golang-announce/c/x49…	external
https://access.redhat.com/security/cve/CVE-2022-28131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107390	external
https://www.cve.org/CVERecord?id=CVE-2022-28131	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28131	external
https://go.dev/issue/53614	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external
https://access.redhat.com/security/cve/CVE-2022-30629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2092793	external
https://www.cve.org/CVERecord?id=CVE-2022-30629	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30629	external
https://groups.google.com/g/golang-announce/c/TzI…	external
https://access.redhat.com/security/cve/CVE-2022-30630	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107371	external
https://www.cve.org/CVERecord?id=CVE-2022-30630	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30630	external
https://go.dev/issue/53415	external
https://access.redhat.com/security/cve/CVE-2022-30631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107342	external
https://www.cve.org/CVERecord?id=CVE-2022-30631	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30631	external
https://go.dev/issue/53168	external
https://access.redhat.com/security/cve/CVE-2022-30632	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107386	external
https://www.cve.org/CVERecord?id=CVE-2022-30632	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30632	external
https://go.dev/issue/53416	external
https://access.redhat.com/security/cve/CVE-2022-30633	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107392	external
https://www.cve.org/CVERecord?id=CVE-2022-30633	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30633	external
https://go.dev/issue/53611	external
https://access.redhat.com/security/cve/CVE-2022-30635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107388	external
https://www.cve.org/CVERecord?id=CVE-2022-30635	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30635	external
https://go.dev/issue/53615	external
https://access.redhat.com/security/cve/CVE-2022-31097	self
https://bugzilla.redhat.com/show_bug.cgi?id=2104365	external
https://www.cve.org/CVERecord?id=CVE-2022-31097	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31097	external
https://github.com/grafana/grafana/security/advis…	external
https://access.redhat.com/security/cve/CVE-2022-31107	self
https://bugzilla.redhat.com/show_bug.cgi?id=2104367	external
https://www.cve.org/CVERecord?id=CVE-2022-31107	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31107	external
https://github.com/grafana/grafana/security/advis…	external
https://access.redhat.com/security/cve/CVE-2022-31123	self
https://bugzilla.redhat.com/show_bug.cgi?id=2131147	external
https://www.cve.org/CVERecord?id=CVE-2022-31123	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31123	external
https://github.com/grafana/grafana/security/advis…	external
https://access.redhat.com/security/cve/CVE-2022-31130	self
https://bugzilla.redhat.com/show_bug.cgi?id=2131146	external
https://www.cve.org/CVERecord?id=CVE-2022-31130	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31130	external
https://access.redhat.com/security/cve/CVE-2022-32148	self
https://bugzilla.redhat.com/show_bug.cgi?id=2107383	external
https://www.cve.org/CVERecord?id=CVE-2022-32148	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32148	external
https://go.dev/issue/53423	external
https://access.redhat.com/security/cve/CVE-2022-32189	self
https://bugzilla.redhat.com/show_bug.cgi?id=2113814	external
https://www.cve.org/CVERecord?id=CVE-2022-32189	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32189	external
https://go.dev/issue/53871	external
https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU	external
https://access.redhat.com/security/cve/CVE-2022-32190	self
https://bugzilla.redhat.com/show_bug.cgi?id=2124668	external
https://www.cve.org/CVERecord?id=CVE-2022-32190	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32190	external
https://go.dev/issue/54385	external
https://access.redhat.com/security/cve/CVE-2022-35957	self
https://bugzilla.redhat.com/show_bug.cgi?id=2125514	external
https://www.cve.org/CVERecord?id=CVE-2022-35957	external
https://nvd.nist.gov/vuln/detail/CVE-2022-35957	external
https://github.com/grafana/grafana/security/advis…	external
https://access.redhat.com/security/cve/CVE-2022-39201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2131148	external
https://www.cve.org/CVERecord?id=CVE-2022-39201	external
https://nvd.nist.gov/vuln/detail/CVE-2022-39201	external
https://access.redhat.com/security/cve/CVE-2022-39229	self
https://bugzilla.redhat.com/show_bug.cgi?id=2131149	external
https://www.cve.org/CVERecord?id=CVE-2022-39229	external
https://nvd.nist.gov/vuln/detail/CVE-2022-39229	external
https://access.redhat.com/security/cve/CVE-2022-39306	self
https://bugzilla.redhat.com/show_bug.cgi?id=2138014	external
https://www.cve.org/CVERecord?id=CVE-2022-39306	external
https://nvd.nist.gov/vuln/detail/CVE-2022-39306	external
https://grafana.com/blog/2022/11/08/security-rele…	external
https://access.redhat.com/security/cve/CVE-2022-39307	self
https://bugzilla.redhat.com/show_bug.cgi?id=2138015	external
https://www.cve.org/CVERecord?id=CVE-2022-39307	external
https://nvd.nist.gov/vuln/detail/CVE-2022-39307	external
https://access.redhat.com/security/cve/CVE-2022-39324	self
https://bugzilla.redhat.com/show_bug.cgi?id=2148252	external
https://www.cve.org/CVERecord?id=CVE-2022-39324	external
https://nvd.nist.gov/vuln/detail/CVE-2022-39324	external
https://grafana.com/blog/2023/01/25/grafana-secur…	external
https://access.redhat.com/security/cve/CVE-2022-41715	self
https://bugzilla.redhat.com/show_bug.cgi?id=2132872	external
https://www.cve.org/CVERecord?id=CVE-2022-41715	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41715	external
https://github.com/golang/go/issues/55949	external
https://access.redhat.com/security/cve/CVE-2022-41912	self
https://bugzilla.redhat.com/show_bug.cgi?id=2149181	external
https://www.cve.org/CVERecord?id=CVE-2022-41912	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41912	external
https://github.com/crewjam/saml/security/advisori…	external

Acknowledgments

Head of Research, Oxeye Daniel Abeles

Security Researcher, Oxeye Gal Goldstein

Joël Gähwiler

HTTPVoid team

Grafana Team

Grafana Security Team

ADA Logics Adam Korczynski

OSS-Fuzz

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.\n\nSecurity Fix(es):\n\n* crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* grafana: stored XSS vulnerability (CVE-2022-31097)\n\n* grafana: OAuth account takeover (CVE-2022-31107)\n\n* ramda: prototype poisoning (CVE-2021-42581)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)\n\n* marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* Moment.js: Path traversal  in moment.locale (CVE-2022-24785)\n\n* grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* grafana: plugin signature bypass (CVE-2022-31123)\n\n* grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)\n\n* grafana: User enumeration via forget password (CVE-2022-39307)\n\n* grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3642",
        "url": "https://access.redhat.com/errata/RHSA-2023:3642"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
      },
      {
        "category": "external",
        "summary": "2066563",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2077689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
      },
      {
        "category": "external",
        "summary": "2082705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
      },
      {
        "category": "external",
        "summary": "2082706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
      },
      {
        "category": "external",
        "summary": "2083778",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
      },
      {
        "category": "external",
        "summary": "2084085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
      },
      {
        "category": "external",
        "summary": "2085307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
      },
      {
        "category": "external",
        "summary": "2092793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
      },
      {
        "category": "external",
        "summary": "2104365",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
      },
      {
        "category": "external",
        "summary": "2104367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
      },
      {
        "category": "external",
        "summary": "2107342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
      },
      {
        "category": "external",
        "summary": "2107371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
      },
      {
        "category": "external",
        "summary": "2107374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
      },
      {
        "category": "external",
        "summary": "2107383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2107388",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
      },
      {
        "category": "external",
        "summary": "2107390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
      },
      {
        "category": "external",
        "summary": "2107392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
      },
      {
        "category": "external",
        "summary": "2113814",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
      },
      {
        "category": "external",
        "summary": "2124668",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
      },
      {
        "category": "external",
        "summary": "2124669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
      },
      {
        "category": "external",
        "summary": "2125514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
      },
      {
        "category": "external",
        "summary": "2131146",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
      },
      {
        "category": "external",
        "summary": "2131147",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
      },
      {
        "category": "external",
        "summary": "2131148",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
      },
      {
        "category": "external",
        "summary": "2131149",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
      },
      {
        "category": "external",
        "summary": "2132868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
      },
      {
        "category": "external",
        "summary": "2132872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
      },
      {
        "category": "external",
        "summary": "2138014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
      },
      {
        "category": "external",
        "summary": "2138015",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
      },
      {
        "category": "external",
        "summary": "2148252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
      },
      {
        "category": "external",
        "summary": "2149181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
      },
      {
        "category": "external",
        "summary": "2168965",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168965"
      },
      {
        "category": "external",
        "summary": "2174461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174461"
      },
      {
        "category": "external",
        "summary": "2174462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174462"
      },
      {
        "category": "external",
        "summary": "2186142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186142"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3642.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-05T06:24:45+00:00",
      "generator": {
        "date": "2026-06-05T06:24:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:3642",
      "initial_release_date": "2023-06-15T15:59:41+00:00",
      "revision_history": [
        {
          "date": "2023-06-15T15:59:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-06-15T15:59:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-05T06:24:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 6.1 Tools",
                "product": {
                  "name": "Red Hat Ceph Storage 6.1 Tools",
                  "product_id": "9Base-RHCEPH-6.1-Tools",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
                "product": {
                  "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
                  "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
                  "product_id": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
                "product": {
                  "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
                  "product_id": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
                  "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
                  "product_id": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
                  "product_id": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
                "product": {
                  "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
                  "product_id": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-dashboard-rhel9\u0026tag=6-75"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
                "product": {
                  "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
                  "product_id": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.4-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
                "product": {
                  "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
                  "product_id": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
                "product": {
                  "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
                  "product_id": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-6-rhel9\u0026tag=6-177"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
                  "product_id": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
                  "product_id": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64"
        },
        "product_reference": "rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64"
        },
        "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x"
        },
        "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        },
        "product_reference": "rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x"
        },
        "product_reference": "rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64"
        },
        "product_reference": "rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le"
        },
        "product_reference": "rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le"
        },
        "product_reference": "rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        },
        "product_reference": "rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-42581",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-05-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2083778"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ramda: prototype poisoning",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are the application-ui container up to and including RHACM 2.4.4, 2.3.10 and 2.2.13 and grc-ui container up to and including RHACM 2.2.13 versions. However not any RHACM is affected in the kui-web-terminal container as is using already patched and not affected version, therefore we are not impacted in this particular component. In RHACM these components are behind OpenShift OAuth. This restricts access to the vulnerable ramda library to authenticated users only, therefore the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-42581"
        },
        {
          "category": "external",
          "summary": "RHBZ#2083778",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083778"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42581"
        },
        {
          "category": "external",
          "summary": "https://github.com/ramda/ramda/pull/3192",
          "url": "https://github.com/ramda/ramda/pull/3192"
        }
      ],
      "release_date": "2022-05-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ramda: prototype poisoning"
    },
    {
      "cve": "CVE-2022-1650",
      "cwe": {
        "id": "CWE-359",
        "name": "Exposure of Private Personal Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-05-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2085307"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eventsource: Exposure of Sensitive Information",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "RHBZ#2085307",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
          "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
        }
      ],
      "release_date": "2022-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "eventsource: Exposure of Sensitive Information"
    },
    {
      "cve": "CVE-2022-1705",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: improper sanitization of Transfer-Encoding header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53188",
          "url": "https://go.dev/issue/53188"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: improper sanitization of Transfer-Encoding header"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Daniel Abeles"
          ],
          "organization": "Head of Research, Oxeye"
        },
        {
          "names": [
            "Gal Goldstein"
          ],
          "organization": "Security Researcher, Oxeye"
        }
      ],
      "cve": "CVE-2022-2880",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-10-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2132868"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2880"
        },
        {
          "category": "external",
          "summary": "RHBZ#2132868",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/54663",
          "url": "https://github.com/golang/go/issues/54663"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
          "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
        }
      ],
      "release_date": "2022-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
    },
    {
      "cve": "CVE-2022-21680",
      "cwe": {
        "id": "CWE-186",
        "name": "Overly Restrictive Regular Expression"
      },
      "discovery_date": "2022-05-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2082705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "marked: regular expression block.def may lead Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21680"
        },
        {
          "category": "external",
          "summary": "RHBZ#2082705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21680"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "marked: regular expression block.def may lead Denial of Service"
    },
    {
      "cve": "CVE-2022-21681",
      "cwe": {
        "id": "CWE-186",
        "name": "Overly Restrictive Regular Expression"
      },
      "discovery_date": "2022-05-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2082706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "marked: regular expression inline.reflinkSearch may lead Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21681"
        },
        {
          "category": "external",
          "summary": "RHBZ#2082706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21681"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "marked: regular expression inline.reflinkSearch may lead Denial of Service"
    },
    {
      "cve": "CVE-2022-23498",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2167266"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user\u2019s session.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: Use of Cache Containing Sensitive Information",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23498"
        },
        {
          "category": "external",
          "summary": "RHBZ#2167266",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167266"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23498"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23498"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8",
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8"
        }
      ],
      "release_date": "2023-02-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        },
        {
          "category": "workaround",
          "details": "To mitigate the vulnerability, disable the data source query caching for all data sources.",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "grafana: Use of Cache Containing Sensitive Information"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-26148",
      "cwe": {
        "id": "CWE-312",
        "name": "Cleartext Storage of Sensitive Information"
      },
      "discovery_date": "2022-03-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066563"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-26148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066563",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066563"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-26148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26148"
        }
      ],
      "release_date": "2022-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix"
    },
    {
      "cve": "CVE-2022-27664",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2124669"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: handle server errors after sending GOAWAY",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "RHBZ#2124669",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/54658",
          "url": "https://go.dev/issue/54658"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
        }
      ],
      "release_date": "2022-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: handle server errors after sending GOAWAY"
    },
    {
      "cve": "CVE-2022-28131",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53614",
          "url": "https://go.dev/issue/53614"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    },
    {
      "cve": "CVE-2022-30629",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2022-06-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2092793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: session tickets lack random ticket_age_add",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2092793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
          "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
        }
      ],
      "release_date": "2022-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: session tickets lack random ticket_age_add"
    },
    {
      "cve": "CVE-2022-30630",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: io/fs: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53415",
          "url": "https://go.dev/issue/53415"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: io/fs: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30631",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: compress/gzip: stack exhaustion in Reader.Read",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53168",
          "url": "https://go.dev/issue/53168"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: compress/gzip: stack exhaustion in Reader.Read"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    },
    {
      "cve": "CVE-2022-30633",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/xml: stack exhaustion in Unmarshal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53611",
          "url": "https://go.dev/issue/53611"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/xml: stack exhaustion in Unmarshal"
    },
    {
      "cve": "CVE-2022-30635",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107388"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107388",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53615",
          "url": "https://go.dev/issue/53615"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
    },
    {
      "cve": "CVE-2022-31097",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2022-07-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2104365"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: stored XSS vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31097"
        },
        {
          "category": "external",
          "summary": "RHBZ#2104365",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104365"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31097"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31097"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f",
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f"
        }
      ],
      "release_date": "2022-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        },
        {
          "category": "workaround",
          "details": "Disable Unified alerting.\nhttps://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "grafana: stored XSS vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "HTTPVoid team"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-31107",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2022-07-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2104367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: OAuth account takeover",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31107"
        },
        {
          "category": "external",
          "summary": "RHBZ#2104367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31107"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
        }
      ],
      "release_date": "2022-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        },
        {
          "category": "workaround",
          "details": "As a workaround, it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "grafana: OAuth account takeover"
    },
    {
      "cve": "CVE-2022-31123",
      "discovery_date": "2022-09-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2131147"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: plugin signature bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31123"
        },
        {
          "category": "external",
          "summary": "RHBZ#2131147",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131147"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31123"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31123"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8",
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: plugin signature bypass"
    },
    {
      "cve": "CVE-2022-31130",
      "discovery_date": "2022-09-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2131146"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Grafana\u0027s use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user\u0027s authentication token, which could be used by an attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31130"
        },
        {
          "category": "external",
          "summary": "RHBZ#2131146",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131146"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31130"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31130"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins"
    },
    {
      "cve": "CVE-2022-32148",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53423",
          "url": "https://go.dev/issue/53423"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
    },
    {
      "cve": "CVE-2022-32189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2113814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "RHBZ#2113814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53871",
          "url": "https://go.dev/issue/53871"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
          "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
        }
      ],
      "release_date": "2022-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
    },
    {
      "cve": "CVE-2022-32190",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2124668"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32190"
        },
        {
          "category": "external",
          "summary": "RHBZ#2124668",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/54385",
          "url": "https://go.dev/issue/54385"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
        }
      ],
      "release_date": "2022-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
    },
    {
      "cve": "CVE-2022-35957",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "discovery_date": "2022-09-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2125514"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: Escalation from admin to server admin when auth proxy is used",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-35957"
        },
        {
          "category": "external",
          "summary": "RHBZ#2125514",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: Escalation from admin to server admin when auth proxy is used"
    },
    {
      "cve": "CVE-2022-39201",
      "discovery_date": "2022-09-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2131148"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-39201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2131148",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131148"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39201"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins"
    },
    {
      "cve": "CVE-2022-39229",
      "discovery_date": "2022-09-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2131149"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: using email as a username can block other users from signing in",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-39229"
        },
        {
          "category": "external",
          "summary": "RHBZ#2131149",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: using email as a username can block other users from signing in"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grafana Team"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-39306",
      "cwe": {
        "id": "CWE-303",
        "name": "Incorrect Implementation of Authentication Algorithm"
      },
      "discovery_date": "2022-10-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2138014"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: email addresses and usernames cannot be trusted",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-39306"
        },
        {
          "category": "external",
          "summary": "RHBZ#2138014",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138014"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
          "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
        }
      ],
      "release_date": "2022-11-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: email addresses and usernames cannot be trusted"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grafana Team"
          ]
        }
      ],
      "cve": "CVE-2022-39307",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2022-10-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2138015"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: User enumeration via forget password",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-39307"
        },
        {
          "category": "external",
          "summary": "RHBZ#2138015",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138015"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/",
          "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/"
        }
      ],
      "release_date": "2022-11-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: User enumeration via forget password"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grafana Security Team"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-39324",
      "cwe": {
        "id": "CWE-472",
        "name": "External Control of Assumed-Immutable Web Parameter"
      },
      "discovery_date": "2022-11-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2148252"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: Spoofing of the originalUrl parameter of snapshots",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-39324"
        },
        {
          "category": "external",
          "summary": "RHBZ#2148252",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39324"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39324"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/",
          "url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"
        }
      ],
      "release_date": "2023-01-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: Spoofing of the originalUrl parameter of snapshots"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adam Korczynski"
          ],
          "organization": "ADA Logics"
        },
        {
          "names": [
            "OSS-Fuzz"
          ]
        }
      ],
      "cve": "CVE-2022-41715",
      "discovery_date": "2022-10-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2132872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp/syntax: limit memory used by parsing regexps",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "RHBZ#2132872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/55949",
          "url": "https://github.com/golang/go/issues/55949"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
          "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
        }
      ],
      "release_date": "2022-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp/syntax: limit memory used by parsing regexps"
    },
    {
      "cve": "CVE-2022-41912",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2022-11-29T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2149181"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable  compromising system integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Whilst the Red Hat Advanced Cluster Management for Kubernetes (RHACM) acm-grafana container include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nThe OCP grafana-container includes the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Therefore the impact by this flaw is reduced from Critical to Important.\n\nWhile Red Hat Ceph Storage 4\u0027s grafana-container includes the affected code, this is used for logging and limits access to the rest of the Ceph cluster. Thus the impact has been reduced from critical to important. Red Hat Ceph Storage 3 and 4 do not use crewjam/saml in their version of grafana.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
          "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41912"
        },
        {
          "category": "external",
          "summary": "RHBZ#2149181",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149181"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41912"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
        },
        {
          "category": "external",
          "summary": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g",
          "url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T15:59:41+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage\ncluster using cephadm in the Red Hat Storage Ceph Upgrade\nGuide.(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage)",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3642"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2_s390x",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676_ppc64le",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661_amd64",
            "9Base-RHCEPH-6.1-Tools:rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24675 (GCVE-0-2022-24675)

Tags

Sightings

Nomenclature