Action not permitted
Modal body text goes here.
CVE-2021-23358
Vulnerability from cvelistv5
Published
2021-03-29 13:15
Modified
2024-09-17 03:47
Severity ?
EPSS score ?
Summary
Arbitrary Code Injection
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | underscore |
Version: 1.13.0-0 < unspecified Version: unspecified < 1.13.0-2 Version: 1.3.2 < unspecified Version: unspecified < 1.12.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T13:05:14.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "name": "DSA-4883", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4883" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-14" }, { "name": "FEDORA-2021-e49f936d9f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "name": "FEDORA-2021-f278299902", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" }, { "url": "https://security.netapp.com/advisory/ntap-20240808-0003/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-23358", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T15:48:41.938375Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:48:53.476Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "underscore", "vendor": "n/a", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "1.13.0-0", "versionType": "custom" }, { "lessThan": "1.13.0-2", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "1.3.2", "versionType": "custom" }, { "lessThan": "1.12.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Alessio Della Libera (@d3lla)" } ], "datePublic": "2021-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary Code Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-24T04:06:09", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "name": "DSA-4883", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4883" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-14" }, { "name": "FEDORA-2021-e49f936d9f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "name": "FEDORA-2021-f278299902", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" } ], "title": "Arbitrary Code Injection", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-03-29T13:13:50.579077Z", "ID": "CVE-2021-23358", "STATE": "PUBLIC", "TITLE": "Arbitrary Code Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "underscore", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "1.13.0-0" }, { "version_affected": "\u003c", "version_value": "1.13.0-2" }, { "version_affected": "\u003e=", "version_value": "1.3.2" }, { "version_affected": "\u003c", "version_value": "1.12.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Alessio Della Libera (@d3lla)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary Code Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71", "refsource": "MISC", "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "name": "DSA-4883", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4883" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" }, { "name": "FEDORA-2021-e49f936d9f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "name": "FEDORA-2021-f278299902", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" } ] } } } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23358", "datePublished": "2021-03-29T13:15:34.770665Z", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2024-09-17T03:47:56.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-23358\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-03-29T14:15:18.047\",\"lastModified\":\"2024-11-21T05:51:34.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.\"},{\"lang\":\"es\",\"value\":\"El paquete underscore desde la versi\u00f3n 1.13.0-0 y anterior a la versi\u00f3n 1.13.0-2, desde la versi\u00f3n 1.3.2 y anterior a la versi\u00f3n 1.12.1, son vulnerables a una ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la funci\u00f3n template, particularmente cuando una propiedad variable es pasada como un argumento ya que no es saneado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.3.2\",\"versionEndExcluding\":\"1.12.1\",\"matchCriteriaId\":\"D9AD5E3F-19FE-436D-9772-67697CF90FA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.13.0-0\",\"versionEndExcluding\":\"1.13.0-2\",\"matchCriteriaId\":\"189D2A24-FEEA-4052-9EE3-DAA855476F24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.18.0\",\"matchCriteriaId\":\"04CA4C0E-255A-4763-AC31-7FE81F720EA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\",\"source\":\"report@snyk.io\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4883\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240808-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4883\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2021-23358
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-23358", "description": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", "id": "GSD-2021-23358", "references": [ "https://www.suse.com/security/cve/CVE-2021-23358.html", "https://www.debian.org/security/2021/dsa-4883", "https://access.redhat.com/errata/RHSA-2021:2865", "https://access.redhat.com/errata/RHSA-2021:1499", "https://access.redhat.com/errata/RHSA-2021:1448", "https://ubuntu.com/security/CVE-2021-23358", "https://advisories.mageia.org/CVE-2021-23358.html", "https://access.redhat.com/errata/RHSA-2022:6393" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-23358" ], "details": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", "id": "GSD-2021-23358", "modified": "2023-12-13T01:23:30.328136Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-03-29T13:13:50.579077Z", "ID": "CVE-2021-23358", "STATE": "PUBLIC", "TITLE": "Arbitrary Code Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "underscore", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "1.13.0-0" }, { "version_affected": "\u003c", "version_value": "1.13.0-2" }, { "version_affected": "\u003e=", "version_value": "1.3.2" }, { "version_affected": "\u003c", "version_value": "1.12.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Alessio Della Libera (@d3lla)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": " Arbitrary Code Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71", "refsource": "MISC", "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "name": "DSA-4883", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4883" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" }, { "name": "FEDORA-2021-e49f936d9f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "name": "FEDORA-2021-f278299902", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=1.3.2 \u003c1.12.1||\u003e=1.13.0-0 \u003c1.13.0-2", "affected_versions": "All versions starting from 1.3.2 before 1.12.1, all versions starting from 1.13.0-0 before 1.13.0-2", "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-937", "CWE-94" ], "date": "2021-09-22", "description": "The underscore package is are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", "fixed_versions": [ "1.12.1", "1.13.1" ], "identifier": "CVE-2021-23358", "identifiers": [ "CVE-2021-23358" ], "not_impacted": "All versions before 1.3.2, all versions starting from 1.12.1 before 1.13.0-0, all versions starting from 1.13.0-2", "package_slug": "npm/underscore", "pubdate": "2021-03-29", "solution": "Upgrade to versions 1.12.1, 1.13.1 or above.", "title": "Code Injection", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" ], "uuid": "8a3c5e90-404a-48ab-a4a4-d1287d5e694f" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.12.1", "versionStartIncluding": "1.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.13.0-2", "versionStartIncluding": "1.13.0-0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.18.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": "CVE-2021-23358" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-94" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71", "refsource": "MISC", "tags": [ "Broken Link" ], "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "name": "DSA-4883", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4883" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E" }, { "name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-14" }, { "name": "FEDORA-2021-e49f936d9f", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/" }, { "name": "FEDORA-2021-f278299902", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } }, "lastModifiedDate": "2021-09-22T19:49Z", "publishedDate": "2021-03-29T14:15Z" } } }
ghsa-cf4h-3jhx-xvhq
Vulnerability from github
Published
2021-05-06 16:09
Modified
2022-09-30 02:23
Severity ?
Summary
Arbitrary Code Execution in underscore
Details
The package underscore
from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
{ "affected": [ { "ecosystem_specific": { "affected_functions": [ "(underscore).template" ] }, "package": { "ecosystem": "npm", "name": "underscore" }, "ranges": [ { "events": [ { "introduced": "1.3.2" }, { "fixed": "1.12.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-23358" ], "database_specific": { "cwe_ids": [ "CWE-94" ], "github_reviewed": true, "github_reviewed_at": "2021-03-31T21:59:00Z", "nvd_published_at": "2021-03-29T14:15:00Z", "severity": "CRITICAL" }, "details": "The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", "id": "GHSA-cf4h-3jhx-xvhq", "modified": "2022-09-30T02:23:38Z", "published": "2021-05-06T16:09:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" }, { "type": "WEB", "url": "https://github.com/jashkenas/underscore/pull/2917" }, { "type": "WEB", "url": "https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2021-14" }, { "type": "WEB", "url": "https://www.npmjs.com/package/underscore" }, { "type": "WEB", "url": "https://www.debian.org/security/2021/dsa-4883" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E" }, { "type": "WEB", "url": "https://github.com/jashkenas/underscore/releases/tag/1.12.1" }, { "type": "WEB", "url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71" }, { "type": "PACKAGE", "url": "https://github.com/jashkenas/underscore" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Arbitrary Code Execution in underscore" }
rhsa-2021_2865
Vulnerability from csaf_redhat
Published
2021-07-22 15:14
Modified
2024-11-24 20:22
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
Security Fix(es):
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733)
* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Foreman integration, which allows you to provision bare metal hosts from the Administration Portal using Foreman and then added to the Manager, was deprecated in oVirt 4.4.6 / RHV 4.4.6 and removed completely in oVirt 4.4.7 / RHV 4.4.7.
Similar functionality to provision bare metal hosts can be achieved using Foreman directly and adding an already provisioned host using the Administration Portal or the REST API. (BZ#1901011)
* Adding a message banner to the web administration welcome page is straight forward using custom branding that only contains a preamble section.
An example of preamble branding is given here: https://bugzilla.redhat.com/attachment.cgi?id=1783329.
In an engine upgrade, the custom preamble brand remains in place and will work without issue.
During engine backup and subsequent restore, on engine restore the custom preamble branding needs to be manually restored/reinstalled and verified. (BZ#1804774)
* The column name threads_per_core in the Red hat Virtualization manager Dashboard is being deprecated, and will be removed in a future release.
In version 4.4.7.2 the column name for threads_per_core will be changed to number_of_threads.
In the Data Warehouse, the old name will be retained as an additional alias, resulting in 2 columns providing the same data: number_of_threads and threads_per_core, and threads_per_core will be removed in a future version. (BZ#1896359)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the manager for virtualization environments.\nThis manager enables admins to define hosts and networks, as well as to add\nstorage, create VMs and manage user permissions.\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Foreman integration, which allows you to provision bare metal hosts from the Administration Portal using Foreman and then added to the Manager, was deprecated in oVirt 4.4.6 / RHV 4.4.6 and removed completely in oVirt 4.4.7 / RHV 4.4.7.\n\nSimilar functionality to provision bare metal hosts can be achieved using Foreman directly and adding an already provisioned host using the Administration Portal or the REST API. (BZ#1901011)\n\n* Adding a message banner to the web administration welcome page is straight forward using custom branding that only contains a preamble section. \nAn example of preamble branding is given here: https://bugzilla.redhat.com/attachment.cgi?id=1783329.\n\nIn an engine upgrade, the custom preamble brand remains in place and will work without issue.\n\nDuring engine backup and subsequent restore, on engine restore the custom preamble branding needs to be manually restored/reinstalled and verified. (BZ#1804774)\n\n* The column name threads_per_core in the Red hat Virtualization manager Dashboard is being deprecated, and will be removed in a future release.\nIn version 4.4.7.2 the column name for threads_per_core will be changed to number_of_threads.\nIn the Data Warehouse, the old name will be retained as an additional alias, resulting in 2 columns providing the same data: number_of_threads and threads_per_core, and threads_per_core will be removed in a future version. (BZ#1896359)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2865", "url": "https://access.redhat.com/errata/RHSA-2021:2865" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1752996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752996" }, { "category": "external", "summary": "1765644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765644" }, { "category": "external", "summary": "1779983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779983" }, { "category": "external", "summary": "1804774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804774" }, { "category": "external", "summary": "1817346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817346" }, { "category": "external", "summary": "1877478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877478" }, { "category": "external", "summary": "1879733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879733" }, { "category": "external", "summary": "1887434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887434" }, { "category": "external", "summary": "1888354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888354" }, { "category": "external", "summary": "1896359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896359" }, { "category": "external", "summary": "1901011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901011" }, { "category": "external", "summary": "1902179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902179" }, { "category": "external", "summary": "1937714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937714" }, { "category": "external", "summary": "1939198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939198" }, { "category": "external", "summary": "1941581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941581" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "1946876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946876" }, { "category": "external", "summary": "1951579", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951579" }, { "category": "external", "summary": "1954878", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954878" }, { "category": "external", "summary": "1955582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955582" }, { "category": "external", "summary": "1956818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956818" }, { "category": "external", "summary": "1960968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960968" }, { "category": "external", "summary": "1961338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961338" }, { "category": "external", "summary": "1967169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967169" }, { "category": "external", "summary": "1970718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970718" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2865.json" } ], "title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]", "tracking": { "current_release_date": "2024-11-24T20:22:58+00:00", "generator": { "date": "2024-11-24T20:22:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2865", "initial_release_date": "2021-07-22T15:14:23+00:00", "revision_history": [ { "date": "2021-07-22T15:14:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-22T15:14:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T20:22:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product": { "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product_id": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.10-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product_id": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.9-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product_id": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.7-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product_id": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.7.0-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product_id": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.7.3-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product_id": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.7.6-0.11.el8ev?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product_id": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.10-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product_id": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.9-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product_id": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.7-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product_id": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.7.0-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.4.7.6-0.11.el8ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src" }, "product_reference": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src" }, "product_reference": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch" }, "product_reference": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" }, "product_reference": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch" }, "product_reference": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src" }, "product_reference": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch" }, "product_reference": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" }, "product_reference": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7733", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1879733" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: Regular expression denial of service via the regex", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform 4 delivers the kibana package where the ua-parser-js library is bundled, but during the update to container first (to openshift4/ose-logging-kibana6) the dependency was removed and hence kibana package is marked as wontfix. This may be fixed in the future.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7733" }, { "category": "external", "summary": "RHBZ#1879733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879733" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7733", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7733" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7733", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7733" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226", "url": "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226" } ], "release_date": "2020-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-ua-parser-js: Regular expression denial of service via the regex" }, { "cve": "CVE-2020-28469", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945459" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-glob-parent: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM)\n - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n - OpenShift distributed tracing", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28469" }, { "category": "external", "summary": "RHBZ#1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905", "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905" } ], "release_date": "2021-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-glob-parent: Regular expression denial of service" }, { "cve": "CVE-2021-23343", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956818" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Had Quay , whilst a vulnerable version of `path-parse` is included in the quay-rhel8 container it is a development dependency only, hence the impact by this vulnerability is low.\n\nIn OpenShift Container Platform (OCP), the hadoop component which is a part of the OCP metering stack, ships the vulnerable version of \u0027path-parse\u0027.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected component is marked as wontfix.\nThis may be fixed in the future.\n\nIn Red Hat OpenShift Container Storage 4 the noobaa-core container includes the affected version of `path-parse`, however the vulnerable functionality is currently not used in any part of the product.\n\nIn Red Hat Virtualization cockpit-ovirt, ovirt-engine-ui-extensions and ovirt-web-ui use vulnerable version of `path-parse`, however for cockpit-ovirt it is a development time dependency only, and for ovirt-engine-ui-extensions and ovirt-web-ui the vulnerable functions are never used.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23343" }, { "category": "external", "summary": "RHBZ#1956818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23343", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23343" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067", "url": "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067" } ], "release_date": "2021-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe" }, { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" } ] }
rhsa-2021_1448
Vulnerability from csaf_redhat
Published
2021-04-28 16:58
Modified
2024-11-13 22:21
Summary
Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.0.10 security and bug fix updates
Notes
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General
Availability release, which fixes bugs and security issues.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which resolve some security issues and bugs. See
the following Release Notes documentation, which will be updated shortly
for this release, for details about this
release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/
Security fixes:
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
For more details about the security issue, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug fix:
* RHACM 2.0.10 images (BZ #1940452)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General\nAvailability release, which fixes bugs and security issues.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes: \n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1448", "url": "https://access.redhat.com/errata/RHSA-2021:1448" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1940452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940452" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1448.json" } ], "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.0.10 security and bug fix updates", "tracking": { "current_release_date": "2024-11-13T22:21:17+00:00", "generator": { "date": "2024-11-13T22:21:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2021:1448", "initial_release_date": "2021-04-28T16:58:10+00:00", "revision_history": [ { "date": "2021-04-28T16:58:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-28T16:58:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:21:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8", "product": { "name": "Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8", "product_id": "8Base-RHACM-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:acm:2.0::el8" } } } ], "category": "product_family", "name": "Red Hat ACM" }, { "branches": [ { "category": "product_version", "name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64", "product": { "name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64", "product_id": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64", "product_identification_helper": { "purl": "pkg:oci/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-operator-bundle\u0026tag=v2.0.10-8" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8", "product_id": "8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64" }, "product_reference": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64", "relates_to_product_reference": "8Base-RHACM-2.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-28T16:58:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/install/index#installing", "product_ids": [ "8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1448" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" } ] }
rhsa-2021_1499
Vulnerability from csaf_redhat
Published
2021-05-04 20:14
Modified
2024-11-22 16:29
Summary
Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update
Notes
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability
release images, which fix several bugs and security issues.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to
address common challenges that administrators and site reliability engineers
face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console—with
security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs and security issues. See the
following Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
Bug fixes:
* ACM UI is not escaping cluster names (BZ# 1936883)
* specify "folder:" for vsphere cluster creation result empty namespace ,no hive (BZ# 1943092)
* RHACM 2.2.3 images (BZ# 1949103)
* Applications won't create properly on native K8S cluster (BZ# 1951384)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability\nrelease images, which fix several bugs and security issues.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to\naddress common challenges that administrators and site reliability engineers\nface as they work across a range of public and private cloud environments.\nClusters and applications are all visible and managed from a single console\u2014with\nsecurity policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See the\nfollowing Release Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section.\n\nBug fixes: \n\n* ACM UI is not escaping cluster names (BZ# 1936883)\n\n* specify \"folder:\" for vsphere cluster creation result empty namespace ,no hive (BZ# 1943092)\n\n* RHACM 2.2.3 images (BZ# 1949103)\n\n* Applications won\u0027t create properly on native K8S cluster (BZ# 1951384)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1499", "url": "https://access.redhat.com/errata/RHSA-2021:1499" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1936883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936883" }, { "category": "external", "summary": "1939103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "1944822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944822" }, { "category": "external", "summary": "1944827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944827" }, { "category": "external", "summary": "1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "1949092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949092" }, { "category": "external", "summary": "1949103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949103" }, { "category": "external", "summary": "1951384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951384" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1499.json" } ], "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update", "tracking": { "current_release_date": "2024-11-22T16:29:53+00:00", "generator": { "date": "2024-11-22T16:29:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:1499", "initial_release_date": "2021-05-04T20:14:19+00:00", "revision_history": [ { "date": "2021-05-04T20:14:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-04T20:14:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:29:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product": { "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:acm:2.2::el8" } } }, { "category": "product_name", "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product": { "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:acm:2.2::el7" } } } ], "category": "product_family", "name": "Red Hat ACM" }, { "branches": [ { "category": "product_version", "name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "product": { "name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "product_id": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "product_identification_helper": { "purl": "pkg:oci/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acmesolver-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "product": { "name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "product_id": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "product_identification_helper": { "purl": "pkg:oci/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-must-gather-rhel8\u0026tag=v2.2.3-2" } } }, { "category": "product_version", "name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "product": { "name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "product_id": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "product_identification_helper": { "purl": "pkg:oci/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-operator-bundle\u0026tag=v2.2.3-10" } } }, { "category": "product_version", "name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "product": { "name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "product_id": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "product_identification_helper": { "purl": "pkg:oci/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/application-ui-rhel8\u0026tag=v2.2.3-5" } } }, { "category": "product_version", "name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "product": { "name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "product_id": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "product_identification_helper": { "purl": "pkg:oci/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cainjector-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "product": { "name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "product_id": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "product_identification_helper": { "purl": "pkg:oci/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-controller-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "product": { "name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "product_id": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "product_identification_helper": { "purl": "pkg:oci/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-webhook-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "product": { "name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "product_id": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "product_identification_helper": { "purl": "pkg:oci/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "product": { "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "product_id": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "product_identification_helper": { "purl": "pkg:oci/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/clusterlifecycle-state-metrics-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "product": { "name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "product_id": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "product_identification_helper": { "purl": "pkg:oci/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/configmap-watcher-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "product": { "name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "product_id": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "product_identification_helper": { "purl": "pkg:oci/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "product": { "name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "product_id": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "product_identification_helper": { "purl": "pkg:oci/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-api-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "product": { "name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "product_id": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "product_identification_helper": { "purl": "pkg:oci/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-rhel8\u0026tag=v2.2.3-5" } } }, { "category": "product_version", "name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "product": { "name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "product_id": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "product_identification_helper": { "purl": "pkg:oci/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-header-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "product": { "name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "product_identification_helper": { "purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.3-2" } } }, { "category": "product_version", "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "product": { "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "product_identification_helper": { "purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "product": { "name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "product_id": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "product_identification_helper": { "purl": "pkg:oci/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-rhel8-operator\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "product": { "name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "product_id": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "product_identification_helper": { "purl": "pkg:oci/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-propagator-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "product": { "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "product_identification_helper": { "purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "product": { "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "product_identification_helper": { "purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "product": { "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "product_identification_helper": { "purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "product": { "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "product_id": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grafana-dashboard-loader-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "product": { "name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "product_id": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "product_identification_helper": { "purl": "pkg:oci/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-api-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "product": { "name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "product_id": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "product_identification_helper": { "purl": "pkg:oci/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "product": { "name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "product_id": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "product_identification_helper": { "purl": "pkg:oci/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "product": { "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "product_identification_helper": { "purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "product": { "name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "product_id": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "product_identification_helper": { "purl": "pkg:oci/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-operator-bundle\u0026tag=v2.2.3-8" } } }, { "category": "product_version", "name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "product": { "name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "product_id": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "product_identification_helper": { "purl": "pkg:oci/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/kui-web-terminal-rhel8\u0026tag=v2.2.3-5" } } }, { "category": "product_version", "name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "product": { "name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "product_id": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "product_identification_helper": { "purl": "pkg:oci/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/management-ingress-rhel7\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "product": { "name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "product_id": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "product_identification_helper": { "purl": "pkg:oci/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-api-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "product": { "name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "product_id": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "product_identification_helper": { "purl": "pkg:oci/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "product": { "name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "product_id": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "product_identification_helper": { "purl": "pkg:oci/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "product": { "name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "product_id": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "product_identification_helper": { "purl": "pkg:oci/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-exporter-rhel7\u0026tag=v2.2.3-2" } } }, { "category": "product_version", "name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "product": { "name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "product_id": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "product_identification_helper": { "purl": "pkg:oci/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "product": { "name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "product_id": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "product_identification_helper": { "purl": "pkg:oci/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "product": { "name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "product_id": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "product_identification_helper": { "purl": "pkg:oci/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-rhel8\u0026tag=v2.2.3-10" } } }, { "category": "product_version", "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "product": { "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "product_id": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "product_identification_helper": { "purl": "pkg:oci/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-repo-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "product": { "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "product_id": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-observability-rhel8-operator\u0026tag=v2.2.3-5" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "product": { "name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "product_id": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-application-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "product": { "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "product_id": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-channel-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "product": { "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "product_id": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-deployable-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "product": { "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "product_id": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-placementrule-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "product": { "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "product": { "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "product_id": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-release-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "product": { "name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "product_id": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "product_identification_helper": { "purl": "pkg:oci/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "product": { "name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "product_id": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "product_identification_helper": { "purl": "pkg:oci/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8-operator\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "product": { "name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "product_id": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/openshift-hive-rhel7\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "product": { "name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "product_id": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "product_identification_helper": { "purl": "pkg:oci/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rbac-query-proxy-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "product": { "name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "product_id": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "product_identification_helper": { "purl": "pkg:oci/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rcm-controller-rhel8\u0026tag=v2.2.3-5" } } }, { "category": "product_version", "name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "product": { "name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "product_id": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "product_identification_helper": { "purl": "pkg:oci/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/redisgraph-tls-rhel8\u0026tag=v2.2.3-2" } } }, { "category": "product_version", "name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "product": { "name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "product_id": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "product_identification_helper": { "purl": "pkg:oci/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "product": { "name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "product_id": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "product_identification_helper": { "purl": "pkg:oci/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "product": { "name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "product_id": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "product_identification_helper": { "purl": "pkg:oci/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-aggregator-rhel7\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "product": { "name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "product_id": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "product_identification_helper": { "purl": "pkg:oci/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-api-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "product": { "name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "product_id": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "product_identification_helper": { "purl": "pkg:oci/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "product": { "name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "product_id": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "product_identification_helper": { "purl": "pkg:oci/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "product": { "name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "product_id": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "product_identification_helper": { "purl": "pkg:oci/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-ui-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "product": { "name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "product_id": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "product_identification_helper": { "purl": "pkg:oci/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-addon-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "product": { "name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "product_id": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "product_identification_helper": { "purl": "pkg:oci/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-rhel7\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "product": { "name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "product_id": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "product_identification_helper": { "purl": "pkg:oci/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-receive-controller-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64", "product": { "name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64", "product_id": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64", "product_identification_helper": { "purl": "pkg:oci/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.3-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "product": { "name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "product_id": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "product_identification_helper": { "purl": "pkg:oci/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "product": { "name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "product_id": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "product_identification_helper": { "purl": "pkg:oci/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "product": { "name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "product_identification_helper": { "purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.3-2" } } }, { "category": "product_version", "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "product": { "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "product_identification_helper": { "purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "product": { "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "product_identification_helper": { "purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "product": { "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "product_identification_helper": { "purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "product": { "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "product_identification_helper": { "purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "product": { "name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "product_id": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "product_identification_helper": { "purl": "pkg:oci/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "product": { "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "product_identification_helper": { "purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "product": { "name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "product_id": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "product_identification_helper": { "purl": "pkg:oci/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "product": { "name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "product_id": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "product_identification_helper": { "purl": "pkg:oci/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "product": { "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "product_identification_helper": { "purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "product": { "name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "product_id": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "product_identification_helper": { "purl": "pkg:oci/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "product": { "name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "product_id": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "product_identification_helper": { "purl": "pkg:oci/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.3-4" } } }, { "category": "product_version", "name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "product": { "name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "product_id": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "product_identification_helper": { "purl": "pkg:oci/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.3-3" } } }, { "category": "product_version", "name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "product": { "name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "product_id": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "product_identification_helper": { "purl": "pkg:oci/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.3-3" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64" }, "product_reference": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "relates_to_product_reference": "7Server-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64" }, "product_reference": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "relates_to_product_reference": "7Server-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64" }, "product_reference": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "relates_to_product_reference": "7Server-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64" }, "product_reference": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "relates_to_product_reference": "7Server-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7", "product_id": "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64" }, "product_reference": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "relates_to_product_reference": "7Server-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64" }, "product_reference": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64" }, "product_reference": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64" }, "product_reference": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64" }, "product_reference": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64" }, "product_reference": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64" }, "product_reference": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64" }, "product_reference": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x" }, "product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64" }, "product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64" }, "product_reference": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64" }, "product_reference": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x" }, "product_reference": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64" }, "product_reference": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64" }, "product_reference": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64" }, "product_reference": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64" }, "product_reference": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x" }, "product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64" }, "product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64" }, "product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x" }, "product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64" }, "product_reference": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64" }, "product_reference": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64" }, "product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x" }, "product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x" }, "product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64" }, "product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x" }, "product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64" }, "product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64" }, "product_reference": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64" }, "product_reference": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64" }, "product_reference": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x" }, "product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64" }, "product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x" }, "product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64" }, "product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64" }, "product_reference": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64" }, "product_reference": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64" }, "product_reference": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64" }, "product_reference": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64" }, "product_reference": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x" }, "product_reference": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64" }, "product_reference": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64" }, "product_reference": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x" }, "product_reference": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64" }, "product_reference": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64" }, "product_reference": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64" }, "product_reference": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64" }, "product_reference": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64" }, "product_reference": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64" }, "product_reference": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64" }, "product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x" }, "product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64" }, "product_reference": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64" }, "product_reference": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64" }, "product_reference": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64" }, "product_reference": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64" }, "product_reference": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64" }, "product_reference": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64" }, "product_reference": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x" }, "product_reference": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64" }, "product_reference": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x" }, "product_reference": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64" }, "product_reference": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64" }, "product_reference": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64" }, "product_reference": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x" }, "product_reference": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64" }, "product_reference": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64" }, "product_reference": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64" }, "product_reference": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64" }, "product_reference": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x" }, "product_reference": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "relates_to_product_reference": "8Base-RHACM-2.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8", "product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" }, "product_reference": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64", "relates_to_product_reference": "8Base-RHACM-2.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28469", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945459" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-glob-parent: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM)\n - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n - OpenShift distributed tracing", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28469" }, { "category": "external", "summary": "RHBZ#1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905", "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905" } ], "release_date": "2021-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-04T20:14:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing", "product_ids": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1499" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-glob-parent: Regular expression denial of service" }, { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-04T20:14:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing", "product_ids": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1499" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" }, { "cve": "CVE-2021-28092", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1939103" } ], "notes": [ { "category": "description", "text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-is-svg: ReDoS via malicious string", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform (RHOCP) 4 delivers the kibana package where the nodejs-is-svg package is bundled, but during the update to container first (to openshift4/ose-logging-kibana6 since OCP 4.5) the dependency was removed and hence kibana package is marked as wontfix. This may be fixed in the future.\n\nIn OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Container Platform (RHOCP) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable nodejs-is-svg to authenticated users only, therefore the impact is low.\n\nRed Hat Quay includes is-svg as a dependency of css-loader which is only using during development, not runtime. This issues has been rated low impact for Red Hat Quay.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28092" }, { "category": "external", "summary": "RHBZ#1939103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092" } ], "release_date": "2021-03-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-04T20:14:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing", "product_ids": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1499" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-is-svg: ReDoS via malicious string" }, { "cve": "CVE-2021-28918", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944827" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-netmask: improper input validation of octal input data", "title": "Vulnerability summary" }, { "category": "other", "text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability.\nThe affected library is used in Red Hat Advanced Cluster Management for Kubernetes only in the development and build processes. Consequently the severity of this flaw to RHACM is downgraded to low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28918" }, { "category": "external", "summary": "RHBZ#1944827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944827" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28918" }, { "category": "external", "summary": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918", "url": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-04T20:14:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing", "product_ids": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1499" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-netmask: improper input validation of octal input data" }, { "cve": "CVE-2021-29418", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944822" } ], "notes": [ { "category": "description", "text": "The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character", "title": "Vulnerability summary" }, { "category": "other", "text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability. The affected library is used in Red Hat Advanced Cluster Management for Kubernetes only in the development and build processes. Consequently the severity of this flaw to RHACM is downgraded to low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29418" }, { "category": "external", "summary": "RHBZ#1944822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944822" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29418", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29418" }, { "category": "external", "summary": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918", "url": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-04T20:14:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing", "product_ids": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1499" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64", "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64", "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64", "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64", "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64", "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64", "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64", "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64", "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64", "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64", "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x", "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64", "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64", "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x", "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64", "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64", "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64", "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64", "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x", "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x", "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64", "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64", "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x", "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x", "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64", "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64", "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64", "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64", "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x", "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64", "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x", "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64", "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x", "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64", "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64", "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64", "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64", "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64", "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x", "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64", "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64", "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x", "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64", "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64", "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64", "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x", "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character" } ] }
rhsa-2022_6393
Vulnerability from csaf_redhat
Published
2022-09-08 11:31
Modified
2024-12-12 04:13
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)
* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)
* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)
* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)
* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)
* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)
* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)
* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)
* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)
* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)
* Rebase package(s) to version: 4.4.7.
Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)
* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)
* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7.\nHighlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6393", "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "1939284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939284" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "1955388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955388" }, { "category": "external", "summary": "1974974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974974" }, { "category": "external", "summary": "2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "2080005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005" }, { "category": "external", "summary": "2092478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092478" }, { "category": "external", "summary": "2094577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094577" }, { "category": "external", "summary": "2097536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097536" }, { "category": "external", "summary": "2097558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097558" }, { "category": "external", "summary": "2097560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097560" }, { "category": "external", "summary": "2097725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097725" }, { "category": "external", "summary": "2104115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104115" }, { "category": "external", "summary": "2104831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104831" }, { "category": "external", "summary": "2104939", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104939" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2107250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107250" }, { "category": "external", "summary": "2107267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107267" }, { "category": "external", "summary": "2108985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108985" }, { "category": "external", "summary": "2109923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109923" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6393.json" } ], "title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update", "tracking": { "current_release_date": "2024-12-12T04:13:21+00:00", "generator": { "date": "2024-12-12T04:13:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2022:6393", "initial_release_date": "2022-09-08T11:31:04+00:00", "revision_history": [ { "date": "2022-09-08T11:31:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-08T11:31:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-12T04:13:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product": { "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=src" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product": { "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product_id": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk-javadoc@6.0.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product": { "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.5.2.4-0.1.el8ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src" }, "product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src" }, "product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch" }, "product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" }, "product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch" }, "product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" }, "product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch" }, "product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" }, "product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch" }, "product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src" }, "product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch" }, "product_reference": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch" }, "product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src" }, "product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" }, "product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-22096", "discovery_date": "2021-12-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034584" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: malicious input leads to insertion of additional log entries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22096" }, { "category": "external", "summary": "RHBZ#2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22096", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22096" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096" } ], "release_date": "2021-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "springframework: malicious input leads to insertion of additional log entries" }, { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" }, { "cve": "CVE-2022-2806", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-04-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080005" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "ovirt-log-collector: RHVM admin password is logged unfiltered", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2806" }, { "category": "external", "summary": "RHBZ#2080005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ovirt-log-collector: RHVM admin password is logged unfiltered" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" } ] }
wid-sec-w-2024-3197
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Commerce: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Commerce ist eine elektronische Handelsplattform.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Commerce ist eine elektronische Handelsplattform.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-3197 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3197.json" }, { "category": "self", "summary": "WID-SEC-2024-3197 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3197" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Commerce vom 2024-10-15", "url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixOCOM" } ], "source_lang": "en-US", "title": "Oracle Commerce: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-10-15T22:00:00.000+00:00", "generator": { "date": "2024-10-16T10:12:41.528+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-3197", "initial_release_date": "2024-10-15T22:00:00.000+00:00", "revision_history": [ { "date": "2024-10-15T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "11.3.0", "product": { "name": "Oracle Commerce 11.3.0", "product_id": "T018931", "product_identification_helper": { "cpe": "cpe:/a:oracle:commerce:11.3.0" } } }, { "category": "product_version", "name": "11.3.1", "product": { "name": "Oracle Commerce 11.3.1", "product_id": "T018932", "product_identification_helper": { "cpe": "cpe:/a:oracle:commerce:11.3.1" } } }, { "category": "product_version", "name": "11.3.2", "product": { "name": "Oracle Commerce 11.3.2", "product_id": "T018933", "product_identification_helper": { "cpe": "cpe:/a:oracle:commerce:11.3.2" } } }, { "category": "product_version", "name": "11.4.0", "product": { "name": "Oracle Commerce 11.4.0", "product_id": "T038369", "product_identification_helper": { "cpe": "cpe:/a:oracle:commerce:11.4.0" } } } ], "category": "product_name", "name": "Commerce" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-10172", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2019-10172" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2020-13956" }, { "cve": "CVE-2021-23358", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2021-23358" }, { "cve": "CVE-2021-28170", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2021-28170" }, { "cve": "CVE-2022-46337", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2022-46337" }, { "cve": "CVE-2023-20863", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2023-20863" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2023-2976" }, { "cve": "CVE-2024-26308", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2024-26308" }, { "cve": "CVE-2024-34750", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018931", "T018932", "T018933", "T038369" ] }, "release_date": "2024-10-15T22:00:00.000+00:00", "title": "CVE-2024-34750" } ] }
wid-sec-w-2023-0136
Vulnerability from csaf_certbund
Published
2023-01-17 23:00
Modified
2023-01-17 23:00
Summary
Oracle Construction and Engineering: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Construction and Engineering ist eine Sammlung von Werkzeugen zur Unterstützung von Bau- und Ingenieurbüros. Sie umfasst u. a. Projektmanagement-Lösungen zur Verwaltung von Projekte, zur Schaffung von Transparenz, zur Zusammenarbeit und zur Verwaltung von Änderungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Construction and Engineering ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Construction and Engineering ist eine Sammlung von Werkzeugen zur Unterst\u00fctzung von Bau- und Ingenieurb\u00fcros. Sie umfasst u. a. Projektmanagement-L\u00f6sungen zur Verwaltung von Projekte, zur Schaffung von Transparenz, zur Zusammenarbeit und zur Verwaltung von \u00c4nderungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Construction and Engineering ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0136 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0136.json" }, { "category": "self", "summary": "WID-SEC-2023-0136 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0136" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Construction and Engineering vom 2023-01-17", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixPVA" } ], "source_lang": "en-US", "title": "Oracle Construction and Engineering: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-17T23:00:00.000+00:00", "generator": { "date": "2024-08-15T17:41:49.598+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-0136", "initial_release_date": "2023-01-17T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Construction and Engineering 18.8", "product": { "name": "Oracle Construction and Engineering 18.8", "product_id": "T018968", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:18.8" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering 19.12", "product": { "name": "Oracle Construction and Engineering 19.12", "product_id": "T018969", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:19.12" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering 20.12", "product": { "name": "Oracle Construction and Engineering 20.12", "product_id": "T018970", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:20.12" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering 21.12", "product": { "name": "Oracle Construction and Engineering 21.12", "product_id": "T021651", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:21.12" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering \u003c= 18.8.15", "product": { "name": "Oracle Construction and Engineering \u003c= 18.8.15", "product_id": "T024984", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:18.8.15" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering \u003c= 19.12.15", "product": { "name": "Oracle Construction and Engineering \u003c= 19.12.15", "product_id": "T025873", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:19.12.15" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering \u003c= 20.12.10", "product": { "name": "Oracle Construction and Engineering \u003c= 20.12.10", "product_id": "T025874", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:20.12.10" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering \u003c= 21.12.8", "product": { "name": "Oracle Construction and Engineering \u003c= 21.12.8", "product_id": "T025875", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:21.12.8" } } }, { "category": "product_name", "name": "Oracle Construction and Engineering 22.12", "product": { "name": "Oracle Construction and Engineering 22.12", "product_id": "T025876", "product_identification_helper": { "cpe": "cpe:/a:oracle:construction_and_engineering:22.12" } } } ], "category": "product_name", "name": "Construction and Engineering" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-21888", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2023-21888" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-34917", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-34917" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2022-3171" }, { "cve": "CVE-2021-23358", "notes": [ { "category": "description", "text": "In Oracle Construction and Engineering existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T025876", "T018968", "T018969", "T021651", "T018970" ], "last_affected": [ "T025873", "T024984", "T025875", "T025874" ] }, "release_date": "2023-01-17T23:00:00.000+00:00", "title": "CVE-2021-23358" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.