RHSA-2018:2013
Vulnerability from csaf_redhat - Published: 2018-06-27 18:01 - Updated: 2026-02-20 17:12Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:2014
Security Fix(es):
* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)
* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)
* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.
6.5 (Medium)
Vendor Fix
For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2018:2013
OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.
9.0 (Critical)
Vendor Fix
For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2018:2013
Workaround
On master nodes where etcd has been installed using the container method:
0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:
curl -4 curl https://10.0.1.1:2379/version -k
0a. If vulnerable output will show something like this:
{"etcdserver":"3.2.15","etcdcluster":"3.2.0"}
0b. If not affected the connection will fail with:
curl: (58) NSS: client certificate not found (nickname not specified)
1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_CLIENT_CERT_AUTH="true"
eg.
ETCD_PEER_CLIENT_CERT_AUTH=true
ETCD_CLIENT_CERT_AUTH=true
2. Restart the etcd container service:
sudo systemctl restart etcd_container
3. Test if client authentication is now required using the steps from 0. above.
A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
8.5 (High)
Vendor Fix
For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2018:2013
References
Acknowledgments
Red Hat
Mark Chappell
Comcast
David Hocky
Red Hat
Jeremy Choi
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2013",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
"url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
},
{
"category": "external",
"summary": "1466390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
},
{
"category": "external",
"summary": "1498398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
},
{
"category": "external",
"summary": "1506175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
},
{
"category": "external",
"summary": "1507429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
},
{
"category": "external",
"summary": "1512042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
},
{
"category": "external",
"summary": "1525642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
},
{
"category": "external",
"summary": "1529575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
},
{
"category": "external",
"summary": "1531096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
},
{
"category": "external",
"summary": "1534311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
},
{
"category": "external",
"summary": "1534894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
},
{
"category": "external",
"summary": "1537872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
},
{
"category": "external",
"summary": "1538215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
},
{
"category": "external",
"summary": "1539252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
},
{
"category": "external",
"summary": "1539310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
},
{
"category": "external",
"summary": "1539529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
},
{
"category": "external",
"summary": "1539757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
},
{
"category": "external",
"summary": "1540819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
},
{
"category": "external",
"summary": "1541212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
},
{
"category": "external",
"summary": "1541350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
},
{
"category": "external",
"summary": "1542387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
},
{
"category": "external",
"summary": "1542460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
},
{
"category": "external",
"summary": "1546097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
},
{
"category": "external",
"summary": "1546324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
},
{
"category": "external",
"summary": "1546936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
},
{
"category": "external",
"summary": "1548677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
},
{
"category": "external",
"summary": "1549060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
},
{
"category": "external",
"summary": "1549454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
},
{
"category": "external",
"summary": "1550193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
},
{
"category": "external",
"summary": "1550316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
},
{
"category": "external",
"summary": "1550385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
},
{
"category": "external",
"summary": "1550591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
},
{
"category": "external",
"summary": "1553012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
},
{
"category": "external",
"summary": "1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "1553294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
},
{
"category": "external",
"summary": "1554141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
},
{
"category": "external",
"summary": "1554145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
},
{
"category": "external",
"summary": "1554239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
},
{
"category": "external",
"summary": "1557040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
},
{
"category": "external",
"summary": "1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "1558183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
},
{
"category": "external",
"summary": "1558997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
},
{
"category": "external",
"summary": "1560311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
},
{
"category": "external",
"summary": "1563150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
},
{
"category": "external",
"summary": "1563673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
},
{
"category": "external",
"summary": "1566238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
},
{
"category": "external",
"summary": "1568815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
},
{
"category": "external",
"summary": "1569030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
},
{
"category": "external",
"summary": "1570065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
},
{
"category": "external",
"summary": "1570581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
},
{
"category": "external",
"summary": "1571601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
},
{
"category": "external",
"summary": "1571944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
},
{
"category": "external",
"summary": "1572786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
},
{
"category": "external",
"summary": "1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "1580538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
},
{
"category": "external",
"summary": "1583895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
},
{
"category": "external",
"summary": "1585243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
},
{
"category": "external",
"summary": "1586076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
},
{
"category": "external",
"summary": "1588009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
},
{
"category": "external",
"summary": "1588768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-02-20T17:12:47+00:00",
"generator": {
"date": "2026-02-20T17:12:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2018:2013",
"initial_release_date": "2018-06-27T18:01:43+00:00",
"revision_history": [
{
"date": "2018-06-27T18:01:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-27T18:01:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T17:12:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mark Chappell"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1070",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553035"
}
],
"notes": [
{
"category": "description",
"text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1070"
},
{
"category": "external",
"summary": "RHBZ#1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
},
{
"acknowledgments": [
{
"names": [
"David Hocky"
],
"organization": "Comcast"
}
],
"cve": "CVE-2018-1085",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557822"
}
],
"notes": [
{
"category": "description",
"text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc registry.access.redhat.com/rhel7/etcd \"/usr/bin/etcd\" 56 minutes ago Up 56 minutes etcd_container",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1085"
},
{
"category": "external",
"summary": "RHBZ#1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
}
],
"release_date": "2018-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "workaround",
"details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n ETCD_PEER_CLIENT_CERT_AUTH=true\n ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Choi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10843",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1579096"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10843"
},
{
"category": "external",
"summary": "RHBZ#1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
}
],
"release_date": "2018-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…