Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3757 (GCVE-0-2021-3757)
Vulnerability from cvelistv5
Published
2021-09-02 12:06
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Summary
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References
| URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| immerjs | immerjs/immer |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "immerjs/immer",
"vendor": "immerjs",
"versions": [
{
"lessThanOrEqual": "9.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T12:06:26",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"source": {
"advisory": "23d38099-71cd-42ed-a77a-71e68094adfa",
"discovery": "EXTERNAL"
},
"title": "Prototype Pollution in immerjs/immer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3757",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution in immerjs/immer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "immerjs/immer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.0.5"
}
]
}
}
]
},
"vendor_name": "immerjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237",
"refsource": "MISC",
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
]
},
"source": {
"advisory": "23d38099-71cd-42ed-a77a-71e68094adfa",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3757",
"datePublished": "2021-09-02T12:06:26",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3757\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2021-09-02T12:15:07.617\",\"lastModified\":\"2024-11-21T06:22:21.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"},{\"lang\":\"es\",\"value\":\"immer es vulnerable a una Modificaci\u00f3n Controlada Inapropiada de Atributos de Prototipos de Objetos (\\\"Contaminaci\u00f3n de Prototipos\\\")\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"9.0.5\",\"matchCriteriaId\":\"FA569641-1319-4F9F-B724-2D8F6C01676F\"}]}]}],\"references\":[{\"url\":\"https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2021:4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2025-11-07 16:39
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4848",
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "2005438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
},
{
"category": "external",
"summary": "2006842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
},
{
"category": "external",
"summary": "2007429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
"tracking": {
"current_release_date": "2025-11-07T16:39:27+00:00",
"generator": {
"date": "2025-11-07T16:39:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2021:4848",
"initial_release_date": "2021-11-29T14:32:07+00:00",
"revision_history": [
{
"date": "2021-11-29T14:32:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T14:32:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-07T16:39:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.5",
"product": {
"name": "8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.5",
"product": {
"name": "7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3757",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-09-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3757"
},
{
"category": "external",
"summary": "RHBZ#2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
},
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
rhsa-2021_4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2024-11-22 17:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4848",
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "2005438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
},
{
"category": "external",
"summary": "2006842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
},
{
"category": "external",
"summary": "2007429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
"tracking": {
"current_release_date": "2024-11-22T17:29:39+00:00",
"generator": {
"date": "2024-11-22T17:29:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4848",
"initial_release_date": "2021-11-29T14:32:07+00:00",
"revision_history": [
{
"date": "2021-11-29T14:32:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T14:32:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T17:29:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.5",
"product": {
"name": "8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.5",
"product": {
"name": "7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3757",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-09-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3757"
},
{
"category": "external",
"summary": "RHBZ#2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
},
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
rhsa-2021:4848
Vulnerability from csaf_redhat
Published
2021-11-29 14:32
Modified
2025-11-07 16:39
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.5.2 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.5.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4848",
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "2005438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005438"
},
{
"category": "external",
"summary": "2006842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006842"
},
{
"category": "external",
"summary": "2007429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007429"
},
{
"category": "external",
"summary": "2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4848.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory",
"tracking": {
"current_release_date": "2025-11-07T16:39:27+00:00",
"generator": {
"date": "2025-11-07T16:39:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2021:4848",
"initial_release_date": "2021-11-29T14:32:07+00:00",
"revision_history": [
{
"date": "2021-11-29T14:32:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-29T14:32:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-07T16:39:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.5",
"product": {
"name": "8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.5",
"product": {
"name": "7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.5.2-15"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.5.2-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.5.2-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.5.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.5.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64 as a component of 7Server-RHMTC-1.5",
"product_id": "7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64 as a component of 8Base-RHMTC-1.5",
"product_id": "8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3757",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2021-09-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in immer when manipulates object attributes such as _proto_, constructor and prototype. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects which could trigger exception handlers and leading into a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-immer: prototype pollution may lead to DoS or remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3757"
},
{
"category": "external",
"summary": "RHBZ#2000734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-immer: prototype pollution may lead to DoS or remote code execution"
},
{
"acknowledgments": [
{
"names": [
"Andrew Collins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3948",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2022017"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"known_not_affected": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3948"
},
{
"category": "external",
"summary": "RHBZ#2022017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3948"
}
],
"release_date": "2021-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-29T14:32:07+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4848"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.5:rhmtc/openshift-migration-operator-bundle@sha256:4cb306211de0ab828d820121403b3e24042ade968f8c11d73bd18293ce66d4b5_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-controller-rhel8@sha256:9b370e4581d8304b22a7ed0d611dfd8cda5de9409de317a2d14493b8a85d1825_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:18bd8aca547ef7405e6bd11b6a707f94c4fe7d6cf37d5d1457de3bcbbb76d18b_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-log-reader-rhel8@sha256:73211f07c9bc9cf50143cc3abbd300e2b947a6302bb131c4f9574de4889ff3a7_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-must-gather-rhel8@sha256:b5d2f9ea192bd1bebbc70abc1d5f7b42cfe256a1c98654bf55389638d21b3e62_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-registry-rhel8@sha256:408c2354fa306c33934b948bd25717e0e8b000d74e8f4878065ada3bcd495240_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:49ecd492c77f331db0c6d6ba321dd533b3011b99b3f5c1fba9beba08e083a174_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-ui-rhel8@sha256:eaa892b92aec8a199ea3b8ddde8514183cf77ea1c65bddfe4a1ef5c5c86b79cc_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:e3f7df6727a0b950226b22b0eaeb6f4f7e2efa45b0e5df37590e40819263f06a_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1f99d649dbb99d45a128b0d12da6450cef66b12c3d4268232632ce1ca2a69d4d_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:ccaccd26401ba1bbb0b749e93feaf2e2cb1b02a98753487c06980c1a47bb824e_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:920ca4e6d4653ac0f38ec5211096584b999bdc514569c1b154a43a574aecfa28_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-migration-velero-rhel8@sha256:2c0bd421acb76483ce27ee397444efef2bd2d73abfdf912c03d59ebee2f21b36_amd64",
"8Base-RHMTC-1.5:rhmtc/openshift-velero-plugin-rhel8@sha256:4b986ab60ea77b32a1ea17f1d6c277805e8496732b6f26b96a96269bbaa8a8be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)"
}
]
}
gsd-2021-3757
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3757",
"description": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"id": "GSD-2021-3757",
"references": [
"https://access.redhat.com/errata/RHSA-2021:4848"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3757"
],
"details": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"id": "GSD-2021-3757",
"modified": "2023-12-13T01:23:34.063107Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3757",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution in immerjs/immer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "immerjs/immer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.0.5"
}
]
}
}
]
},
"vendor_name": "immerjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237",
"refsource": "MISC",
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
]
},
"source": {
"advisory": "23d38099-71cd-42ed-a77a-71e68094adfa",
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=9.0.5",
"affected_versions": "All versions up to 9.0.5",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1321",
"CWE-937"
],
"date": "2022-09-10",
"description": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"fixed_versions": [
"9.0.6"
],
"identifier": "CVE-2021-3757",
"identifiers": [
"CVE-2021-3757"
],
"not_impacted": "All versions after 9.0.5",
"package_slug": "npm/immer",
"pubdate": "2021-09-02",
"solution": "Upgrade to version 9.0.6 or above.",
"title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3757",
"https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
],
"uuid": "679edfc6-3615-48f3-a456-e3a52c4d482f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3757"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
},
{
"name": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-09-10T02:46Z",
"publishedDate": "2021-09-02T12:15Z"
}
}
}
ghsa-c36v-fmgq-m8hx
Vulnerability from github
Published
2021-09-07 22:57
Modified
2024-04-25 22:09
Severity ?
VLAI Severity ?
Summary
Prototype Pollution in immer
Details
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "immer"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "9.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3757"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-03T20:17:21Z",
"nvd_published_at": "2021-09-02T12:15:00Z",
"severity": "HIGH"
},
"details": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027).",
"id": "GHSA-c36v-fmgq-m8hx",
"modified": "2024-04-25T22:09:12Z",
"published": "2021-09-07T22:57:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3757"
},
{
"type": "WEB",
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"type": "PACKAGE",
"url": "https://github.com/immerjs/immer"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in immer"
}
fkie_cve-2021-3757
Vulnerability from fkie_nvd
Published
2021-09-02 12:15
Modified
2024-11-21 06:22
Severity ?
Summary
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| immer_project | immer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FA569641-1319-4F9F-B724-2D8F6C01676F",
"versionEndIncluding": "9.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
{
"lang": "es",
"value": "immer es vulnerable a una Modificaci\u00f3n Controlada Inapropiada de Atributos de Prototipos de Objetos (\"Contaminaci\u00f3n de Prototipos\")"
}
],
"id": "CVE-2021-3757",
"lastModified": "2024-11-21T06:22:21.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-02T12:15:07.617",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2021-AVI-766
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans IBM App Connect Enterprise. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.3 avec Operator | ||
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.1 avec Operator | ||
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.4 avec Operator | ||
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.2 avec Operator | ||
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.5 avec Operator | ||
| IBM | N/A | IBM App Connect Enterprise Certified Container versions 1.0 avec Operator |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM App Connect Enterprise Certified Container versions 1.3 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM App Connect Enterprise Certified Container versions 1.1 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM App Connect Enterprise Certified Container versions 1.4 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM App Connect Enterprise Certified Container versions 1.2 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM App Connect Enterprise Certified Container versions 1.5 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM App Connect Enterprise Certified Container versions 1.0 avec Operator",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
}
],
"initial_release_date": "2021-10-11T00:00:00",
"last_revision_date": "2021-10-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-766",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM App Connect Enterprise. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM App Connect Enterprise",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6497303 du 11 octobre 2021",
"url": "https://www.ibm.com/support/pages/node/6497303"
}
]
}
CERTFR-2024-AVI-0630
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Packet Capture versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 Update Package 8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2020-28477",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28477"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43441"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-24033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24033"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-31905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31905"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-42740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42740"
},
{
"name": "CVE-2016-10538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10538"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
}
],
"initial_release_date": "2024-07-26T00:00:00",
"last_revision_date": "2024-07-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": "2024-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161462",
"url": "https://www.ibm.com/support/pages/node/7161462"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160961",
"url": "https://www.ibm.com/support/pages/node/7160961"
},
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160858",
"url": "https://www.ibm.com/support/pages/node/7160858"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…