Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-42003 (GCVE-0-2022-42003)
Vulnerability from cvelistv5 – Published: 2022-10-02 00:00 – Updated: 2024-08-03 12:56
VLAI
EPSS
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T09:33:08.256Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42003",
"datePublished": "2022-10-02T00:00:00.000Z",
"dateReserved": "2022-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:56:39.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-42003",
"date": "2026-06-08",
"epss": "0.00317",
"percentile": "0.5512"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.12.7.1\", \"matchCriteriaId\": \"0848F177-1977-4C9C-B91A-7374FF25F335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.13.0\", \"versionEndExcluding\": \"2.13.4.1\", \"matchCriteriaId\": \"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.13.3\", \"matchCriteriaId\": \"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"}, {\"lang\": \"es\", \"value\": \"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\\u00e1 activada. Versi\\u00f3n de correcci\\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}]",
"id": "CVE-2022-42003",
"lastModified": "2024-11-21T07:24:15.093",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-10-02T05:15:09.070",
"references": "[{\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-42003\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-02T05:15:09.070\",\"lastModified\":\"2024-11-21T07:24:15.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"},{\"lang\":\"es\",\"value\":\"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.7.1\",\"matchCriteriaId\":\"0848F177-1977-4C9C-B91A-7374FF25F335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.4.1\",\"matchCriteriaId\":\"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.3\",\"matchCriteriaId\":\"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:2100
Vulnerability from csaf_redhat - Published: 2023-05-03 14:05 - Updated: 2026-06-06 13:03Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Severity
Important
Notes
Topic: Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.20.1
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.20.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
204 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2100",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update",
"tracking": {
"current_release_date": "2026-06-06T13:03:29+00:00",
"generator": {
"date": "2026-06-06T13:03:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:2100",
"initial_release_date": "2023-05-03T14:05:29+00:00",
"revision_history": [
{
"date": "2023-05-03T14:05:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-03T14:05:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T13:03:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.20.1",
"product": {
"name": "RHINT Camel-Springboot 3.20.1",
"product_id": "RHINT Camel-Springboot 3.20.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.20.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Net\u0027s FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-net: FTP client trusts the host from PASV response by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37533"
},
{
"category": "external",
"summary": "RHBZ#2169924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-net: FTP client trusts the host from PASV response by default"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31777",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145264"
}
],
"notes": [
{
"category": "description",
"text": "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-spark: XSS vulnerability in log viewer UI Javascript",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31777"
},
{
"category": "external",
"summary": "RHBZ#2145264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31777"
}
],
"release_date": "2022-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-spark: XSS vulnerability in log viewer UI Javascript"
},
{
"cve": "CVE-2022-33681",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client\u0027s authentication data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33681"
},
{
"category": "external",
"summary": "RHBZ#2136207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33681"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM"
},
{
"cve": "CVE-2022-37865",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-ivy: Directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it\u0027s an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37865"
},
{
"category": "external",
"summary": "RHBZ#2182188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37865"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy",
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
}
],
"release_date": "2022-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-ivy: Directory Traversal"
},
{
"cve": "CVE-2022-37866",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150011"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy\u0027s repository and overwrite artifacts that the user will use later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ivy: Ivy Path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37866"
},
{
"category": "external",
"summary": "RHBZ#2150011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37866"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ivy: Ivy Path traversal"
},
{
"cve": "CVE-2022-38398",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155292"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38398"
},
{
"category": "external",
"summary": "RHBZ#2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1331",
"url": "https://issues.apache.org/jira/browse/BATIK-1331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38648",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155295"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38648"
},
{
"category": "external",
"summary": "RHBZ#2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1333",
"url": "https://issues.apache.org/jira/browse/BATIK-1333"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-39368",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don\u0027t clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "scandium: Failing DTLS handshakes may cause throttling to block processing of records",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39368"
},
{
"category": "external",
"summary": "RHBZ#2145205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39368"
},
{
"category": "external",
"summary": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc",
"url": "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc"
}
],
"release_date": "2022-11-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "scandium: Failing DTLS handshakes may cause throttling to block processing of records"
},
{
"cve": "CVE-2022-40146",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155291"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery (SSRF) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40146"
},
{
"category": "external",
"summary": "RHBZ#2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1335",
"url": "https://issues.apache.org/jira/browse/BATIK-1335"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery (SSRF) vulnerability"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41704",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik.\u00a0This issue may allow a malicious user to run untrusted Java code from an SVG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41704"
},
{
"category": "external",
"summary": "RHBZ#2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG"
},
{
"cve": "CVE-2022-41852",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136128"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JXPath: untrusted XPath expressions may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41852"
},
{
"category": "external",
"summary": "RHBZ#2136128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JXPath: untrusted XPath expressions may lead to RCE attack"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Untrusted code execution in Apache XML Graphics Batik",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42890"
},
{
"category": "external",
"summary": "RHBZ#2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Untrusted code execution in Apache XML Graphics Batik"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20863",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2187742"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. Certain versions of Spring Framework\u0027s Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20863"
},
{
"category": "external",
"summary": "RHBZ#2187742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2023-20863",
"url": "https://spring.io/security/cve-2023-20863"
}
],
"release_date": "2023-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-22602",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Authentication bypass through a specially crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-22602"
},
{
"category": "external",
"summary": "RHBZ#2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602"
}
],
"release_date": "2023-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Authentication bypass through a specially crafted HTTP request"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.20.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-03T14:05:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.20.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.20.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2023:2135
Vulnerability from csaf_redhat - Published: 2023-05-04 15:59 - Updated: 2026-06-01 17:07Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2135",
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2135.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update",
"tracking": {
"current_release_date": "2026-06-01T17:07:53+00:00",
"generator": {
"date": "2026-06-01T17:07:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2135",
"initial_release_date": "2023-05-04T15:59:31+00:00",
"revision_history": [
{
"date": "2023-05-04T15:59:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-04T15:59:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T17:07:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3782",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal via double URL encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3782"
},
{
"category": "external",
"summary": "RHBZ#2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path traversal via double URL encoding"
},
{
"cve": "CVE-2022-4244",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149841"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codehaus-plexus: Directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4244"
},
{
"category": "external",
"summary": "RHBZ#2149841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4244"
}
],
"release_date": "2022-12-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codehaus-plexus: Directory Traversal"
},
{
"cve": "CVE-2022-4245",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --\u003e sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codehaus-plexus: XML External Entity (XXE) Injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4245"
},
{
"category": "external",
"summary": "RHBZ#2149843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4245"
}
],
"release_date": "2022-12-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codehaus-plexus: XML External Entity (XXE) Injection"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
}
]
}
RHSA-2023:3223
Vulnerability from csaf_redhat - Published: 2023-05-18 09:54 - Updated: 2026-05-14 22:33Summary
Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* scala: deserialization gadget chain (CVE-2022-36944)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* Red Hat A-MQ Streams: component version with information disclosure flaw (CVE-2023-0833)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
4.7 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a denial of service or execute arbitrary code on the server, given presence of vulnerable classes on the server's classpath.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.4.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
85 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* scala: deserialization gadget chain (CVE-2022-36944)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* Red Hat A-MQ Streams: component version with information disclosure flaw (CVE-2023-0833)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3223",
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "2129809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2154086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
},
{
"category": "external",
"summary": "2169845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845"
},
{
"category": "external",
"summary": "2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "ENTMQST-4107",
"url": "https://issues.redhat.com/browse/ENTMQST-4107"
},
{
"category": "external",
"summary": "ENTMQST-4541",
"url": "https://issues.redhat.com/browse/ENTMQST-4541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3223.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:33:03+00:00",
"generator": {
"date": "2026-05-14T22:33:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:3223",
"initial_release_date": "2023-05-18T09:54:05+00:00",
"revision_history": [
{
"date": "2023-05-18T09:54:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-18T09:54:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:33:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.4.0",
"product": {
"name": "Red Hat AMQ Streams 2.4.0",
"product_id": "Red Hat AMQ Streams 2.4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2154086"
}
],
"notes": [
{
"category": "description",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okhttp: information disclosure via improperly used cryptographic function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0341"
},
{
"category": "external",
"summary": "RHBZ#2154086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
},
{
"category": "external",
"summary": "https://source.android.com/security/bulletin/2021-02-01",
"url": "https://source.android.com/security/bulletin/2021-02-01"
}
],
"release_date": "2021-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "okhttp: information disclosure via improperly used cryptographic function"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2021-46877",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46877"
},
{
"category": "external",
"summary": "RHBZ#2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877"
}
],
"release_date": "2023-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode"
},
{
"cve": "CVE-2022-24823",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087186"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: world readable temporary file containing sensitive data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "RHBZ#2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
}
],
"release_date": "2022-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "workaround",
"details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: world readable temporary file containing sensitive data"
},
{
"cve": "CVE-2022-36944",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Scala\u0027s LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "scala: deserialization gadget chain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36944"
},
{
"category": "external",
"summary": "RHBZ#2129809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36944",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944"
},
{
"category": "external",
"summary": "https://github.com/scala/scala/pull/10118",
"url": "https://github.com/scala/scala/pull/10118"
}
],
"release_date": "2022-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "workaround",
"details": "Users of Scala\u0027s LazyList should never permit deserialization of untrusted data.",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "scala: deserialization gadget chain"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2023-0833",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2023-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169845"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat\u0027s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Streams: component version with information disclosure flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0833"
},
{
"category": "external",
"summary": "RHBZ#2169845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0833"
},
{
"category": "external",
"summary": "https://github.com/square/okhttp/issues/6738",
"url": "https://github.com/square/okhttp/issues/6738"
}
],
"release_date": "2023-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Streams: component version with information disclosure flaw"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-25194",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216516"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka Connect\u0027s REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a denial of service or execute arbitrary code on the server, given presence of vulnerable classes on the server\u0027s classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.4.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25194"
},
{
"category": "external",
"summary": "RHBZ#2216516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list#CVE-2023-25194",
"url": "https://kafka.apache.org/cve-list#CVE-2023-25194"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz",
"url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T09:54:05+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.4.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.4.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect"
}
]
}
RHSA-2023:3641
Vulnerability from csaf_redhat - Published: 2023-06-15 15:23 - Updated: 2026-06-06 13:03Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Severity
Important
Notes
Topic: Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
94 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.\n\nRed Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3641",
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release",
"tracking": {
"current_release_date": "2026-06-06T13:03:28+00:00",
"generator": {
"date": "2026-06-06T13:03:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:3641",
"initial_release_date": "2023-06-15T15:23:47+00:00",
"revision_history": [
{
"date": "2023-06-15T15:23:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:23:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T13:03:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.18.3.P2",
"product": {
"name": "RHINT Camel-Springboot 3.18.3.P2",
"product_id": "RHINT Camel-Springboot 3.18.3.P2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.18"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
}
]
}
RHSA-2023:3663
Vulnerability from csaf_redhat - Published: 2023-06-19 10:15 - Updated: 2026-05-16 23:26Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Low
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
7.0 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.
4.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.
6.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
References
103 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3663",
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2026-05-16T23:26:22+00:00",
"generator": {
"date": "2026-05-16T23:26:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:3663",
"initial_release_date": "2023-06-19T10:15:57+00:00",
"revision_history": [
{
"date": "2023-06-19T10:15:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-19T10:15:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T23:26:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-22976",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087214"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: BCrypt skips salt rounds for work factor of 31",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22976"
},
{
"category": "external",
"summary": "RHBZ#2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22976",
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: BCrypt skips salt rounds for work factor of 31"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-27898",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: XSS vulnerability in plugin manager",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27898"
},
{
"category": "external",
"summary": "RHBZ#2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: XSS vulnerability in plugin manager"
},
{
"cve": "CVE-2023-27899",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary plugin file created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27899"
},
{
"category": "external",
"summary": "RHBZ#2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: Temporary plugin file created with insecure permissions"
},
{
"cve": "CVE-2023-27903",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177632"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary file parameter created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27903"
},
{
"category": "external",
"summary": "RHBZ#2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Temporary file parameter created with insecure permissions"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
},
{
"cve": "CVE-2023-32977",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207830"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32977"
},
{
"category": "external",
"summary": "RHBZ#2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32977"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin"
},
{
"cve": "CVE-2023-32981",
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32981"
},
{
"category": "external",
"summary": "RHBZ#2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin"
}
]
}
RHSA-2023_0189
Vulnerability from csaf_redhat - Published: 2023-01-17 11:47 - Updated: 2024-12-10 17:42Summary
Red Hat Security Advisory: Red Hat AMQ Streams 2.3.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.3.0 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* jetty-server: Improper release of ByteBuffers in SslConnections (CVE-2022-2191)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jetty-http: improver hostname input handling (CVE-2022-2047)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.3.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.3.0 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* jetty-server: Improper release of ByteBuffers in SslConnections (CVE-2022-2191)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jetty-http: improver hostname input handling (CVE-2022-2047)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0189",
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.3"
},
{
"category": "external",
"summary": "2116949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116949"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2116953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116953"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0189.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.3.0 release and security update",
"tracking": {
"current_release_date": "2024-12-10T17:42:01+00:00",
"generator": {
"date": "2024-12-10T17:42:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0189",
"initial_release_date": "2023-01-17T11:47:38+00:00",
"revision_history": [
{
"date": "2023-01-17T11:47:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-17T11:47:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T17:42:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.3.0",
"product": {
"name": "Red Hat AMQ Streams 2.3.0",
"product_id": "Red Hat AMQ Streams 2.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2047",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http: improver hostname input handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Satellite jetty was used to build index files to search documentation. Nowadays in Satellite 6.9 and 6.10 jetty dependency is not in use and there is no access to it, so there is no way this vulnerability can be exploitable. Therefore Satellite supported versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2047"
},
{
"category": "external",
"summary": "RHBZ#2116949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty-http: improver hostname input handling"
},
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-2191",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Improper release of ByteBuffers in SslConnections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Satellite 6.9 we are using 9.4.x or below of jetty-server. Red Hat Satellite 6.10 is not using jetty-server anymore. This flaw only affects versions above 10.0.x or 11.0.x of jetty-server, therefore Red Hat Satellite 6.9 or 6.10 are not impacted by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2191"
},
{
"category": "external",
"summary": "RHBZ#2116953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2191"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Improper release of ByteBuffers in SslConnections"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.3.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-17T11:47:38+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.3.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.3.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2023_0261
Vulnerability from csaf_redhat - Published: 2023-01-18 14:55 - Updated: 2024-12-16 16:06Summary
Red Hat Security Advisory: Satellite 6.12.1 Async Security Update
Severity
Critical
Notes
Topic: Updated Satellite 6.12 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.
Details: Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security fix(es):
tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)
candlepin: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
This update fixes the following bugs:
2082209 - Another deadlock issue when syncing repos with high concurrency
2141308 - It appears that the egg is downloaded every time
2150069 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12
2150108 - Satellite-clone not working if ansible-core 2.13 is installed
2150111 - Insights recommendation sync failing in Satelliite
2150112 - Random failure of Inventory Sync
2150114 - Insights-client --register --verbose throwing error UnicodeEncodeError: 'ascii' codec can't encode character '\ufffd' in position 94: ordinal not in range(128)
2150118 - Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations in Satellite 6.12
2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500
2150123 = Inspecting an image with skopeo no longer works on Capsules
2150125 - Syncable exports across partitions causes ' Invalid cross-device link' error
2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.
8.5 (High)
Affected products
Fixed
2 products
Known not affected
111 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
113 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
0.0 (None)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
110 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Low
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.12 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity fix(es):\ntfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)\ncandlepin: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\nThis update fixes the following bugs:\n2082209 - Another deadlock issue when syncing repos with high concurrency\n2141308 - It appears that the egg is downloaded every time\n2150069 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12\n2150108 - Satellite-clone not working if ansible-core 2.13 is installed\n2150111 - Insights recommendation sync failing in Satelliite\n2150112 - Random failure of Inventory Sync\n2150114 - Insights-client --register --verbose throwing error UnicodeEncodeError: \u0027ascii\u0027 codec can\u0027t encode character \u0027\\ufffd\u0027 in position 94: ordinal not in range(128)\n2150118 - Error \"no certificate or crl found\" when using a http proxy as \"Default Http Proxy\" for content syncing or manifest operations in Satellite 6.12\n2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500\n2150123 = Inspecting an image with skopeo no longer works on Capsules\n2150125 - Syncable exports across partitions causes \u0027 Invalid cross-device link\u0027 error \n2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo \n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0261",
"url": "https://access.redhat.com/errata/RHSA-2023:0261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2082209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082209"
},
{
"category": "external",
"summary": "2108997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2141308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141308"
},
{
"category": "external",
"summary": "2150069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150069"
},
{
"category": "external",
"summary": "2150108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150108"
},
{
"category": "external",
"summary": "2150111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150111"
},
{
"category": "external",
"summary": "2150112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150112"
},
{
"category": "external",
"summary": "2150114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150114"
},
{
"category": "external",
"summary": "2150118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150118"
},
{
"category": "external",
"summary": "2150119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150119"
},
{
"category": "external",
"summary": "2150120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150120"
},
{
"category": "external",
"summary": "2150123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150123"
},
{
"category": "external",
"summary": "2150125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150125"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0261.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.12.1 Async Security Update",
"tracking": {
"current_release_date": "2024-12-16T16:06:10+00:00",
"generator": {
"date": "2024-12-16T16:06:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0261",
"initial_release_date": "2023-01-18T14:55:53+00:00",
"revision_history": [
{
"date": "2023-01-18T14:55:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-18T14:55:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T16:06:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.12::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.12::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.12::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pulp-container-0:2.10.10-1.el8pc.src",
"product": {
"name": "python-pulp-container-0:2.10.10-1.el8pc.src",
"product_id": "python-pulp-container-0:2.10.10-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-container@2.10.10-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.18.11-1.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.18.11-1.el8pc.src",
"product_id": "python-pulpcore-0:3.18.11-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.18.11-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.18.9-1.el8pc.src",
"product": {
"name": "python-pulp-rpm-0:3.18.9-1.el8pc.src",
"product_id": "python-pulp-rpm-0:3.18.9-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.18.9-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"product": {
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"product_id": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@6.0.44-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"product": {
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"product_id": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@3.0.5-1.1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.src",
"product_id": "rubygem-katello-0:4.5.0.22-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.5.0.22-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"product": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"product_id": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_container_gateway@1.0.7-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.12.1-1.el8sat.src",
"product": {
"name": "satellite-0:6.12.1-1.el8sat.src",
"product_id": "satellite-0:6.12.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.12.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.3.0.18-1.el8sat.src",
"product": {
"name": "foreman-0:3.3.0.18-1.el8sat.src",
"product_id": "foreman-0:3.3.0.18-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.3.0.18-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actioncable-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actioncable@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailbox@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailer@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actionpack-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionpack@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actiontext-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actiontext@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionview-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-actionview-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-actionview-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionview@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activejob-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-activejob-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-activejob-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activejob@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-activemodel-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-activerecord-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activerecord@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-activestorage-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activestorage@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.src",
"product": {
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.src",
"product_id": "rubygem-activesupport-0:6.0.6-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@6.0.6-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rails-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-rails-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-rails-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rails@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-railties-0:6.0.6-2.el8sat.src",
"product": {
"name": "rubygem-railties-0:6.0.6-2.el8sat.src",
"product_id": "rubygem-railties-0:6.0.6-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-railties@6.0.6-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-clone-0:3.2.0-2.el8sat.src",
"product": {
"name": "satellite-clone-0:3.2.0-2.el8sat.src",
"product_id": "satellite-clone-0:3.2.0-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-clone@3.2.0-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.1.18-1.el8sat.src",
"product": {
"name": "candlepin-0:4.1.18-1.el8sat.src",
"product_id": "candlepin-0:4.1.18-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.1.18-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"product": {
"name": "python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"product_id": "python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-container@2.10.10-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.18.11-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"product": {
"name": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"product_id": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-rpm@3.18.9-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"product_id": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@6.0.44-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"product_id": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@3.0.5-1.1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.5.0.22-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"product": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"product_id": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_container_gateway@1.0.7-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.12.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.12.1-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.12.1-1.el8sat.noarch",
"product_id": "satellite-common-0:6.12.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.12.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.12.1-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.12.1-1.el8sat.noarch",
"product_id": "satellite-0:6.12.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.12.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.12.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.3.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actioncable@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailbox@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailer@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionpack@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actiontext@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionview@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activejob@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activerecord@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activestorage@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"product": {
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"product_id": "rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@6.0.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rails-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-rails-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-rails-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rails@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-railties-0:6.0.6-2.el8sat.noarch",
"product": {
"name": "rubygem-railties-0:6.0.6-2.el8sat.noarch",
"product_id": "rubygem-railties-0:6.0.6-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-railties@6.0.6-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-clone-0:3.2.0-2.el8sat.noarch",
"product": {
"name": "satellite-clone-0:3.2.0-2.el8sat.noarch",
"product_id": "satellite-clone-0:3.2.0-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-clone@3.2.0-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-0:4.1.18-1.el8sat.noarch",
"product": {
"name": "candlepin-0:4.1.18-1.el8sat.noarch",
"product_id": "candlepin-0:4.1.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@4.1.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"product": {
"name": "candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"product_id": "candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@4.1.18-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.10.10-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.10.10-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.18.9-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.18.9-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.18.11-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.18.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.10.10-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.18.11-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-clone-0:3.2.0-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch"
},
"product_reference": "satellite-clone-0:3.2.0-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-clone-0:3.2.0-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src"
},
"product_reference": "satellite-clone-0:3.2.0-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.1.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch"
},
"product_reference": "candlepin-0:4.1.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:4.1.18-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src"
},
"product_reference": "candlepin-0:4.1.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:4.1.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch"
},
"product_reference": "candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.3.0.18-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src"
},
"product_reference": "foreman-0:3.3.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-container-0:2.10.10-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src"
},
"product_reference": "python-pulp-container-0:2.10.10-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.18.9-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.18.9-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.18.11-1.el8pc.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.18.11-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-container-0:2.10.10-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch"
},
"product_reference": "python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.18.11-1.el8pc.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actioncable-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actioncable-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailbox-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailer-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actionpack-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actiontext-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actiontext-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionview-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionview-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-actionview-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activejob-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activejob-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-activejob-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-activemodel-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activerecord-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-activerecord-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activestorage-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-activestorage-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch"
},
"product_reference": "rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:6.0.6-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src"
},
"product_reference": "rubygem-activesupport-0:6.0.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src"
},
"product_reference": "rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src"
},
"product_reference": "rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.5.0.22-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.5.0.22-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rails-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-rails-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rails-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-rails-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-railties-0:6.0.6-2.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch"
},
"product_reference": "rubygem-railties-0:6.0.6-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-railties-0:6.0.6-2.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src"
},
"product_reference": "rubygem-railties-0:6.0.6-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.12.1-1.el8sat.src as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.12.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.12.1-1.el8sat.noarch as a component of Red Hat Satellite 6.12 for RHEL 8",
"product_id": "8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.12.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32224",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-07-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2108997"
}
],
"notes": [
{
"category": "description",
"text": "An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "activerecord: Possible RCE escalation bug with Serialized Columns in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32224"
},
{
"category": "external",
"summary": "RHBZ#2108997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224"
},
{
"category": "external",
"summary": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017",
"url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-18T14:55:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "activerecord: Possible RCE escalation bug with Serialized Columns in Active Record"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-18T14:55:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0261"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-18T14:55:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0261"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-capsule:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12-capsule:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12-capsule:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-capsule:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-capsule:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.noarch",
"8Base-satellite-6.12-maintenance:satellite-clone-0:3.2.0-2.el8sat.src",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12-utils:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12-utils:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12-utils:satellite-common-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:candlepin-0:4.1.18-1.el8sat.src",
"8Base-satellite-6.12:candlepin-selinux-0:4.1.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-0:3.3.0.18-1.el8sat.src",
"8Base-satellite-6.12:foreman-cli-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-debug-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-dynflow-sidekiq-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ec2-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-gce-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-journald-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-libvirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-openstack-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-ovirt-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-postgresql-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-service-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-telemetry-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:foreman-vmware-0:3.3.0.18-1.el8sat.noarch",
"8Base-satellite-6.12:python-pulp-container-0:2.10.10-1.el8pc.src",
"8Base-satellite-6.12:python-pulp-rpm-0:3.18.9-1.el8pc.src",
"8Base-satellite-6.12:python-pulpcore-0:3.18.11-1.el8pc.src",
"8Base-satellite-6.12:python39-pulp-container-0:2.10.10-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulp-rpm-0:3.18.9-1.el8pc.noarch",
"8Base-satellite-6.12:python39-pulpcore-0:3.18.11-1.el8pc.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actioncable-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailbox-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionmailer-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionpack-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actiontext-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-actionview-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activejob-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activemodel-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activerecord-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activestorage-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-activesupport-0:6.0.6-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_rh_cloud-0:6.0.44-1.el8sat.src",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-foreman_webhooks-0:3.0.5-1.1.el8sat.src",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-katello-0:4.5.0.22-1.el8sat.src",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-rails-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.noarch",
"8Base-satellite-6.12:rubygem-railties-0:6.0.6-2.el8sat.src",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.noarch",
"8Base-satellite-6.12:rubygem-smart_proxy_container_gateway-0:1.0.7-1.el8sat.src",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-0:6.12.1-1.el8sat.src",
"8Base-satellite-6.12:satellite-capsule-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-cli-0:6.12.1-1.el8sat.noarch",
"8Base-satellite-6.12:satellite-common-0:6.12.1-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
RHSA-2023_0264
Vulnerability from csaf_redhat - Published: 2023-01-19 11:03 - Updated: 2024-12-17 22:07Summary
Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update
Severity
Moderate
Notes
Topic: An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Logging Subsystem 5.6.0 - Red Hat OpenShift
* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)
* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
References
86 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.6.0 - Red Hat OpenShift\n\n* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)\n* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0264",
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "LOG-2217",
"url": "https://issues.redhat.com/browse/LOG-2217"
},
{
"category": "external",
"summary": "LOG-2620",
"url": "https://issues.redhat.com/browse/LOG-2620"
},
{
"category": "external",
"summary": "LOG-2819",
"url": "https://issues.redhat.com/browse/LOG-2819"
},
{
"category": "external",
"summary": "LOG-2822",
"url": "https://issues.redhat.com/browse/LOG-2822"
},
{
"category": "external",
"summary": "LOG-2843",
"url": "https://issues.redhat.com/browse/LOG-2843"
},
{
"category": "external",
"summary": "LOG-2919",
"url": "https://issues.redhat.com/browse/LOG-2919"
},
{
"category": "external",
"summary": "LOG-2962",
"url": "https://issues.redhat.com/browse/LOG-2962"
},
{
"category": "external",
"summary": "LOG-2993",
"url": "https://issues.redhat.com/browse/LOG-2993"
},
{
"category": "external",
"summary": "LOG-3072",
"url": "https://issues.redhat.com/browse/LOG-3072"
},
{
"category": "external",
"summary": "LOG-3090",
"url": "https://issues.redhat.com/browse/LOG-3090"
},
{
"category": "external",
"summary": "LOG-3129",
"url": "https://issues.redhat.com/browse/LOG-3129"
},
{
"category": "external",
"summary": "LOG-3157",
"url": "https://issues.redhat.com/browse/LOG-3157"
},
{
"category": "external",
"summary": "LOG-3161",
"url": "https://issues.redhat.com/browse/LOG-3161"
},
{
"category": "external",
"summary": "LOG-3168",
"url": "https://issues.redhat.com/browse/LOG-3168"
},
{
"category": "external",
"summary": "LOG-3169",
"url": "https://issues.redhat.com/browse/LOG-3169"
},
{
"category": "external",
"summary": "LOG-3180",
"url": "https://issues.redhat.com/browse/LOG-3180"
},
{
"category": "external",
"summary": "LOG-3186",
"url": "https://issues.redhat.com/browse/LOG-3186"
},
{
"category": "external",
"summary": "LOG-3194",
"url": "https://issues.redhat.com/browse/LOG-3194"
},
{
"category": "external",
"summary": "LOG-3195",
"url": "https://issues.redhat.com/browse/LOG-3195"
},
{
"category": "external",
"summary": "LOG-3208",
"url": "https://issues.redhat.com/browse/LOG-3208"
},
{
"category": "external",
"summary": "LOG-3224",
"url": "https://issues.redhat.com/browse/LOG-3224"
},
{
"category": "external",
"summary": "LOG-3235",
"url": "https://issues.redhat.com/browse/LOG-3235"
},
{
"category": "external",
"summary": "LOG-3286",
"url": "https://issues.redhat.com/browse/LOG-3286"
},
{
"category": "external",
"summary": "LOG-3292",
"url": "https://issues.redhat.com/browse/LOG-3292"
},
{
"category": "external",
"summary": "LOG-3296",
"url": "https://issues.redhat.com/browse/LOG-3296"
},
{
"category": "external",
"summary": "LOG-3309",
"url": "https://issues.redhat.com/browse/LOG-3309"
},
{
"category": "external",
"summary": "LOG-3324",
"url": "https://issues.redhat.com/browse/LOG-3324"
},
{
"category": "external",
"summary": "LOG-3331",
"url": "https://issues.redhat.com/browse/LOG-3331"
},
{
"category": "external",
"summary": "LOG-3446",
"url": "https://issues.redhat.com/browse/LOG-3446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update",
"tracking": {
"current_release_date": "2024-12-17T22:07:38+00:00",
"generator": {
"date": "2024-12-17T22:07:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0264",
"initial_release_date": "2023-01-19T11:03:41+00:00",
"revision_history": [
{
"date": "2023-01-19T11:03:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-19T11:03:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:07:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.6 for RHEL 8",
"product": {
"name": "RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.6::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.0-142"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.0-130"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.0-172"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-37601",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134876"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37601"
},
{
"category": "external",
"summary": "RHBZ#2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/212",
"url": "https://github.com/webpack/loader-utils/issues/212"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2023_0469
Vulnerability from csaf_redhat - Published: 2023-01-26 09:42 - Updated: 2024-12-17 22:55Summary
Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2
Severity
Moderate
Notes
Topic: Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a replacement for 2.7 and includes the following security fixes.
Security Fix(es):
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40153)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40155)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Q 2.13.2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:2.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
65 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\nRed Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a replacement for 2.7 and includes the following security fixes.\n\nSecurity Fix(es):\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40153)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40155)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40154)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0469",
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q1"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1",
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1"
},
{
"category": "external",
"summary": "2128959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128959"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134289"
},
{
"category": "external",
"summary": "2134290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134290"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0469.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2",
"tracking": {
"current_release_date": "2024-12-17T22:55:42+00:00",
"generator": {
"date": "2024-12-17T22:55:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0469",
"initial_release_date": "2023-01-26T09:42:15+00:00",
"revision_history": [
{
"date": "2023-01-26T09:42:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-26T09:42:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:55:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Q 2.13.2",
"product": {
"name": "RHINT Camel-Q 2.13.2",
"product_id": "RHINT Camel-Q 2.13.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_quarkus:2.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40153",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134290"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40153"
},
{
"category": "external",
"summary": "RHBZ#2134290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134290"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40153"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40154",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2128959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40154"
},
{
"category": "external",
"summary": "RHBZ#2128959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40154"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40155",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40155"
},
{
"category": "external",
"summary": "RHBZ#2134289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40155"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Q 2.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T09:42:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Q 2.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0469"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"RHINT Camel-Q 2.13.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Q 2.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
RHSA-2023_0471
Vulnerability from csaf_redhat - Published: 2023-01-26 12:14 - Updated: 2024-12-16 02:13Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security update
Severity
Important
Notes
Topic: An update is now available for Migration Toolkit for Runtimes (v1.0.1).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Security Fix(es):
* jib-core: RCE via the isDockerInstalled (CVE-2022-25914)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the jib-core package. This flaw allows an attacker to execute remote code into its target.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Migration Toolkit for Runtimes (v1.0.1).\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* jib-core: RCE via the isDockerInstalled (CVE-2022-25914)\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0471",
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
},
{
"category": "external",
"summary": "2134344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134344"
},
{
"category": "external",
"summary": "2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0471.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security update",
"tracking": {
"current_release_date": "2024-12-16T02:13:15+00:00",
"generator": {
"date": "2024-12-16T02:13:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0471",
"initial_release_date": "2023-01-26T12:14:50+00:00",
"revision_history": [
{
"date": "2023-01-26T12:14:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-26T12:14:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T02:13:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product": {
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3517",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134609"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimatch: ReDoS via the braceExpand function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"category": "external",
"summary": "RHBZ#2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
}
],
"release_date": "2022-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimatch: ReDoS via the braceExpand function"
},
{
"cve": "CVE-2022-25914",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jib-core package. This flaw allows an attacker to execute remote code into its target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jib-core: RCE via the isDockerInstalled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25914"
},
{
"category": "external",
"summary": "RHBZ#2134344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25914"
}
],
"release_date": "2022-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jib-core: RCE via the isDockerInstalled"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T12:14:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…