Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-11247
Vulnerability from cvelistv5
Published
2019-08-29 00:25
Modified
2024-09-16 18:04
Severity ?
EPSS score ?
Summary
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes |
Version: prior to 1.13.9 Version: prior to 1.14.5 Version: prior to 1.15.2 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:09.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { name: "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { name: "RHSA-2019:2690", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { name: "RHBA-2019:2816", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { name: "RHBA-2019:2824", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { name: "RHSA-2019:2769", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Kubernetes", vendor: "Kubernetes", versions: [ { status: "affected", version: "prior to 1.13.9", }, { status: "affected", version: "prior to 1.14.5", }, { status: "affected", version: "prior to 1.15.2", }, { status: "affected", version: "1.7", }, { status: "affected", version: "1.8", }, { status: "affected", version: "1.9", }, { status: "affected", version: "1.10", }, { status: "affected", version: "1.11", }, { status: "affected", version: "1.12", }, ], }, ], credits: [ { lang: "en", value: "Prabu Shyam, Verizon Media", }, ], datePublic: "2019-08-05T00:00:00", descriptions: [ { lang: "en", value: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-24T22:06:25", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { name: "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { name: "RHSA-2019:2690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { name: "RHBA-2019:2816", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { name: "RHBA-2019:2824", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { name: "RHSA-2019:2769", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], source: { defect: [ "https://github.com/kubernetes/kubernetes/issues/80983", ], discovery: "USER", }, title: "Kubernetes kube-apiserver allows access to custom resources via wrong scope", workarounds: [ { lang: "en", value: "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources.", }, ], x_generator: { engine: "Vulnogram 0.0.7", }, x_legacyV4Record: { CVE_data_meta: { AKA: "", ASSIGNER: "security@kubernetes.io", DATE_PUBLIC: "2019-08-05", ID: "CVE-2019-11247", STATE: "PUBLIC", TITLE: "Kubernetes kube-apiserver allows access to custom resources via wrong scope", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubernetes", version: { version_data: [ { version_value: "prior to 1.13.9", }, { version_value: "prior to 1.14.5", }, { version_value: "prior to 1.15.2", }, { version_value: "1.7", }, { version_value: "1.8", }, { version_value: "1.9", }, { version_value: "1.10", }, { version_value: "1.11", }, { version_value: "1.12", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, configuration: [], credit: [ { lang: "eng", value: "Prabu Shyam, Verizon Media", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, ], }, exploit: [], generator: { engine: "Vulnogram 0.0.7", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubernetes/kubernetes/issues/80983", refsource: "CONFIRM", url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { name: "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", refsource: "MLIST", url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { name: "RHSA-2019:2690", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { name: "https://security.netapp.com/advisory/ntap-20190919-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { name: "RHBA-2019:2816", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { name: "RHBA-2019:2824", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { name: "RHSA-2019:2769", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], }, solution: [], source: { advisory: "", defect: [ "https://github.com/kubernetes/kubernetes/issues/80983", ], discovery: "USER", }, work_around: [ { lang: "en", value: "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources.", }, ], }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2019-11247", datePublished: "2019-08-29T00:25:27.667656Z", dateReserved: "2019-04-17T00:00:00", dateUpdated: "2024-09-16T18:04:25.053Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2019-11247\",\"sourceIdentifier\":\"jordan@liggitt.net\",\"published\":\"2019-08-29T01:15:11.287\",\"lastModified\":\"2024-11-21T04:20:47.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\"},{\"lang\":\"es\",\"value\":\"El kube-apiserver de Kubernetes permite por error el acceso a un recurso personalizado de ámbito de clúster si la solicitud se realiza como si el recurso estuviera con espacio de nombres. Las autorizaciones para el recurso al que se tiene acceso de esta manera se aplican mediante roles y enlaces de roles dentro del espacio de nombres, lo que significa que un usuario con acceso solo a un recurso en un espacio de nombres podría crear, ver actualizar o eliminar el recurso de ámbito de clúster (según sus privilegios de rol de espacio de nombres). Las versiones afectadas de Kubernetes incluyen versiones anteriores a 1.13.9, versiones anteriores a 1.14.5, versiones anteriores a 1.15.2 y versiones 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndIncluding\":\"1.12.10\",\"matchCriteriaId\":\"A582FE75-D84B-4C8F-B836-95FB15F68EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.9\",\"matchCriteriaId\":\"14126DA1-4F03-43D3-BD14-0BE06EC8F4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.5\",\"matchCriteriaId\":\"E10D117F-F0C4-4355-98E3-BB4A401258DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15.0\",\"versionEndExcluding\":\"1.15.2\",\"matchCriteriaId\":\"2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"309CB6F8-F178-454C-BE97-787F78647C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBCD38F-BBE8-488C-A8C3-5782F191D915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2816\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2824\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2690\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2769\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/80983\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0003/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/80983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
RHSA-2019:2769
Vulnerability from csaf_redhat
Published
2019-10-24 21:31
Modified
2025-03-15 19:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An security update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for Red Hat OpenShift Container
Platform 3.9, which have been rebuilt with an updated version of golang.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An security update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for Red Hat OpenShift Container\nPlatform 3.9, which have been rebuilt with an updated version of golang.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2769", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2769.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update", tracking: { current_release_date: "2025-03-15T19:44:42+00:00", generator: { date: "2025-03-15T19:44:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2769", initial_release_date: "2019-10-24T21:31:32+00:00", revision_history: [ { date: "2019-10-24T21:31:32+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-24T21:31:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:44:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.9", product: { name: "Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.9::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o-debuginfo@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.101-1.git.1.13625cf.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_id: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.9.101-1.git.1.8295224.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_id: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.x86_64", product: { name: "heapster-0:1.3.0-4.el7.x86_64", product_id: "heapster-0:1.3.0-4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins-debuginfo@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.x86_64", product: { name: "image-inspector-0:2.1.3-2.el7.x86_64", product_id: "image-inspector-0:2.1.3-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_id: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_id: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@2.2.1-2.gitbc6058c.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-kubernetes@195-2.rhaos.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-debuginfo@195-2.rhaos.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.src", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.src", product_id: "cri-o-0:1.9.16-3.git858756d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_id: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage@0.0.1-9.git78d6339.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.101-1.git.1.8295224.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.src", product: { name: "ansible-service-broker-0:1.1.20-2.el7.src", product_id: "ansible-service-broker-0:1.1.20-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=src", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.src", product: { name: "heapster-0:1.3.0-4.el7.src", product_id: "heapster-0:1.3.0-4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=src", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=src", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=src", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.src", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.src", product_id: "containernetworking-plugins-0:0.5.2-6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=src", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.src", product: { name: "image-inspector-0:2.1.3-2.el7.src", product_id: "image-inspector-0:2.1.3-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=src", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_id: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_id: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-2.gitbc6058c.el7?arch=src", }, }, }, { category: "product_version", name: "cockpit-0:195-2.rhaos.el7.src", product: { name: "cockpit-0:195-2.rhaos.el7.src", product_id: "cockpit-0:195-2.rhaos.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit@195-2.rhaos.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.20-2.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.20-2.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-0:195-2.rhaos.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", }, product_reference: "cockpit-0:195-2.rhaos.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", }, product_reference: "heapster-0:1.3.0-4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", }, product_reference: "heapster-0:1.3.0-4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", }, product_reference: "image-inspector-0:2.1.3-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", }, product_reference: "image-inspector-0:2.1.3-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", }, product_reference: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", }, product_reference: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
RHBA-2019:2816
Vulnerability from csaf_redhat
Published
2019-09-24 12:31
Modified
2024-11-22 13:43
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.146 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.146. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:2824
This update fixes the following bugs:
* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)
* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)
* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)
* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)
* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)
* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)
* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)
* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)
All OpenShift Container Platform 3.11 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Container Platform release 3.11.146 is now available with\nupdates to packages and images that fix several bugs.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.146. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2019:2824\n\nThis update fixes the following bugs: \n\n* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)\n\n* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)\n\n* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)\n\n* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)\n\n* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)\n\n* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)\n\n* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)\n\n* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2019:2816", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { category: "external", summary: "1432875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1432875", }, { category: "external", summary: "1641647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1641647", }, { category: "external", summary: "1661447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661447", }, { category: "external", summary: "1703777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1703777", }, { category: "external", summary: "1720172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1720172", }, { category: "external", summary: "1733327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733327", }, { category: "external", summary: "1733429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733429", }, { category: "external", summary: "1734009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1734009", }, { category: "external", summary: "1735502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735502", }, { category: "external", summary: "1741477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1741477", }, { category: "external", summary: "1743950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743950", }, { category: "external", summary: "1746212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746212", }, { category: "external", summary: "1748982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1748982", }, { category: "external", summary: "1749024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749024", }, { category: "external", summary: "1749341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749341", }, { category: "external", summary: "1752853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1752853", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_2816.json", }, ], title: "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update", tracking: { current_release_date: "2024-11-22T13:43:43+00:00", generator: { date: "2024-11-22T13:43:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2019:2816", initial_release_date: "2019-09-24T12:31:29+00:00", revision_history: [ { date: "2019-09-24T12:31:29+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-24T12:31:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:43:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.11", product: { name: "Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.11::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_id: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-0:5.6.16-2.el7.ppc64le", product_id: "kibana-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_id: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_id: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.x86_64", product: { name: "kibana-0:5.6.16-2.el7.x86_64", product_id: "kibana-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_id: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_id: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.146-1.git.1.51554ba.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_id: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.146-1.git.1.0e18774.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.src", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.src", product_id: "jenkins-0:2.176.3.1568230481-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.src", product: { name: "ansible-service-broker-1:1.3.23-2.el7.src", product_id: "ansible-service-broker-1:1.3.23-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.src", product: { name: "python-elasticsearch-1:5.4.0-2.el7.src", product_id: "python-elasticsearch-1:5.4.0-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.src", product: { name: "kibana-0:5.6.16-2.el7.src", product_id: "kibana-0:5.6.16-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_id: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_id: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/automation-broker-apb-role@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_id: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", }, product_reference: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", }, product_reference: "kibana-0:5.6.16-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, { cve: "CVE-2019-11249", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-08-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1737651", }, ], notes: [ { category: "description", text: "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11249", }, { category: "external", summary: "RHBZ#1737651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11249", url: "https://www.cve.org/CVERecord?id=CVE-2019-11249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", }, ], }
RHSA-2019:2504
Vulnerability from csaf_redhat
Published
2019-08-15 13:28
Modified
2024-11-22 13:35
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update
Notes
Topic
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2504", url: "https://access.redhat.com/errata/RHSA-2019:2504", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2504.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update", tracking: { current_release_date: "2024-11-22T13:35:28+00:00", generator: { date: "2024-11-22T13:35:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2504", initial_release_date: "2019-08-15T13:28:09+00:00", revision_history: [ { date: "2019-08-15T13:28:09+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-15T13:28:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:35:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el7", }, }, }, { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-15T13:28:09+00:00", details: "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.11, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", product_ids: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2504", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
RHSA-2019:2690
Vulnerability from csaf_redhat
Published
2019-09-12 06:37
Modified
2025-03-15 19:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
Notes
Topic
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2690", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2690.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.10 security update", tracking: { current_release_date: "2025-03-15T19:44:18+00:00", generator: { date: "2025-03-15T19:44:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2690", initial_release_date: "2019-09-12T06:37:28+00:00", revision_history: [ { date: "2019-09-12T06:37:28+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-12T06:37:28+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:44:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.10", product: { name: "Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.10::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhsa-2019_2504
Vulnerability from csaf_redhat
Published
2019-08-15 13:28
Modified
2024-11-22 13:35
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update
Notes
Topic
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2504", url: "https://access.redhat.com/errata/RHSA-2019:2504", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2504.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update", tracking: { current_release_date: "2024-11-22T13:35:28+00:00", generator: { date: "2024-11-22T13:35:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2504", initial_release_date: "2019-08-15T13:28:09+00:00", revision_history: [ { date: "2019-08-15T13:28:09+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-15T13:28:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:35:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el7", }, }, }, { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-15T13:28:09+00:00", details: "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.11, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", product_ids: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2504", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhsa-2019:2504
Vulnerability from csaf_redhat
Published
2019-08-15 13:28
Modified
2024-11-22 13:35
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update
Notes
Topic
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2504", url: "https://access.redhat.com/errata/RHSA-2019:2504", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2504.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update", tracking: { current_release_date: "2024-11-22T13:35:28+00:00", generator: { date: "2024-11-22T13:35:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2504", initial_release_date: "2019-08-15T13:28:09+00:00", revision_history: [ { date: "2019-08-15T13:28:09+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-15T13:28:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:35:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el7", }, }, }, { category: "product_name", name: "Red Hat OpenShift Container Platform 4.1", product: { name: "Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.1::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_id: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_id: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", }, product_reference: "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, { category: "default_component_of", full_product_name: { name: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", product_id: "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", }, product_reference: "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", relates_to_product_reference: "8Base-RHOSE-4.1", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-15T13:28:09+00:00", details: "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.11, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", product_ids: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2504", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhsa-2019_2769
Vulnerability from csaf_redhat
Published
2019-10-24 21:31
Modified
2024-11-22 13:35
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An security update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for Red Hat OpenShift Container
Platform 3.9, which have been rebuilt with an updated version of golang.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An security update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for Red Hat OpenShift Container\nPlatform 3.9, which have been rebuilt with an updated version of golang.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2769", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2769.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update", tracking: { current_release_date: "2024-11-22T13:35:47+00:00", generator: { date: "2024-11-22T13:35:47+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2769", initial_release_date: "2019-10-24T21:31:32+00:00", revision_history: [ { date: "2019-10-24T21:31:32+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-24T21:31:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:35:47+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.9", product: { name: "Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.9::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o-debuginfo@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.101-1.git.1.13625cf.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_id: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.9.101-1.git.1.8295224.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_id: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.x86_64", product: { name: "heapster-0:1.3.0-4.el7.x86_64", product_id: "heapster-0:1.3.0-4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins-debuginfo@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.x86_64", product: { name: "image-inspector-0:2.1.3-2.el7.x86_64", product_id: "image-inspector-0:2.1.3-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_id: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_id: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@2.2.1-2.gitbc6058c.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-kubernetes@195-2.rhaos.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-debuginfo@195-2.rhaos.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.src", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.src", product_id: "cri-o-0:1.9.16-3.git858756d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_id: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage@0.0.1-9.git78d6339.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.101-1.git.1.8295224.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.src", product: { name: "ansible-service-broker-0:1.1.20-2.el7.src", product_id: "ansible-service-broker-0:1.1.20-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=src", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.src", product: { name: "heapster-0:1.3.0-4.el7.src", product_id: "heapster-0:1.3.0-4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=src", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=src", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=src", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.src", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.src", product_id: "containernetworking-plugins-0:0.5.2-6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=src", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.src", product: { name: "image-inspector-0:2.1.3-2.el7.src", product_id: "image-inspector-0:2.1.3-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=src", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_id: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_id: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-2.gitbc6058c.el7?arch=src", }, }, }, { category: "product_version", name: "cockpit-0:195-2.rhaos.el7.src", product: { name: "cockpit-0:195-2.rhaos.el7.src", product_id: "cockpit-0:195-2.rhaos.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit@195-2.rhaos.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.20-2.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.20-2.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-0:195-2.rhaos.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", }, product_reference: "cockpit-0:195-2.rhaos.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", }, product_reference: "heapster-0:1.3.0-4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", }, product_reference: "heapster-0:1.3.0-4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", }, product_reference: "image-inspector-0:2.1.3-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", }, product_reference: "image-inspector-0:2.1.3-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", }, product_reference: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", }, product_reference: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhba-2019:2816
Vulnerability from csaf_redhat
Published
2019-09-24 12:31
Modified
2024-11-22 13:43
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.146 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.146. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:2824
This update fixes the following bugs:
* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)
* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)
* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)
* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)
* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)
* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)
* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)
* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)
All OpenShift Container Platform 3.11 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Container Platform release 3.11.146 is now available with\nupdates to packages and images that fix several bugs.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.146. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2019:2824\n\nThis update fixes the following bugs: \n\n* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)\n\n* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)\n\n* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)\n\n* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)\n\n* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)\n\n* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)\n\n* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)\n\n* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2019:2816", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { category: "external", summary: "1432875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1432875", }, { category: "external", summary: "1641647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1641647", }, { category: "external", summary: "1661447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661447", }, { category: "external", summary: "1703777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1703777", }, { category: "external", summary: "1720172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1720172", }, { category: "external", summary: "1733327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733327", }, { category: "external", summary: "1733429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733429", }, { category: "external", summary: "1734009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1734009", }, { category: "external", summary: "1735502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735502", }, { category: "external", summary: "1741477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1741477", }, { category: "external", summary: "1743950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743950", }, { category: "external", summary: "1746212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746212", }, { category: "external", summary: "1748982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1748982", }, { category: "external", summary: "1749024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749024", }, { category: "external", summary: "1749341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749341", }, { category: "external", summary: "1752853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1752853", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_2816.json", }, ], title: "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update", tracking: { current_release_date: "2024-11-22T13:43:43+00:00", generator: { date: "2024-11-22T13:43:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2019:2816", initial_release_date: "2019-09-24T12:31:29+00:00", revision_history: [ { date: "2019-09-24T12:31:29+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-24T12:31:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:43:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.11", product: { name: "Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.11::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_id: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-0:5.6.16-2.el7.ppc64le", product_id: "kibana-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_id: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_id: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.x86_64", product: { name: "kibana-0:5.6.16-2.el7.x86_64", product_id: "kibana-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_id: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_id: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.146-1.git.1.51554ba.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_id: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.146-1.git.1.0e18774.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.src", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.src", product_id: "jenkins-0:2.176.3.1568230481-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.src", product: { name: "ansible-service-broker-1:1.3.23-2.el7.src", product_id: "ansible-service-broker-1:1.3.23-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.src", product: { name: "python-elasticsearch-1:5.4.0-2.el7.src", product_id: "python-elasticsearch-1:5.4.0-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.src", product: { name: "kibana-0:5.6.16-2.el7.src", product_id: "kibana-0:5.6.16-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_id: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_id: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/automation-broker-apb-role@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_id: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", }, product_reference: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", }, product_reference: "kibana-0:5.6.16-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, { cve: "CVE-2019-11249", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-08-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1737651", }, ], notes: [ { category: "description", text: "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11249", }, { category: "external", summary: "RHBZ#1737651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11249", url: "https://www.cve.org/CVERecord?id=CVE-2019-11249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", }, ], }
rhsa-2019_2690
Vulnerability from csaf_redhat
Published
2019-09-12 06:37
Modified
2024-11-22 13:35
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
Notes
Topic
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2690", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2690.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.10 security update", tracking: { current_release_date: "2024-11-22T13:35:33+00:00", generator: { date: "2024-11-22T13:35:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2690", initial_release_date: "2019-09-12T06:37:28+00:00", revision_history: [ { date: "2019-09-12T06:37:28+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-12T06:37:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:35:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.10", product: { name: "Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.10::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhsa-2019:2690
Vulnerability from csaf_redhat
Published
2019-09-12 06:37
Modified
2025-03-15 19:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
Notes
Topic
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2690", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2690.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.10 security update", tracking: { current_release_date: "2025-03-15T19:44:18+00:00", generator: { date: "2025-03-15T19:44:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2690", initial_release_date: "2019-09-12T06:37:28+00:00", revision_history: [ { date: "2019-09-12T06:37:28+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-12T06:37:28+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:44:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.10", product: { name: "Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.10::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_id: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_id: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_id: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", product_id: "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-12T06:37:28+00:00", details: "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2690", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
rhba-2019_2816
Vulnerability from csaf_redhat
Published
2019-09-24 12:31
Modified
2024-11-22 13:43
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.146 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.146. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:2824
This update fixes the following bugs:
* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)
* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)
* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)
* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)
* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)
* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)
* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)
* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)
All OpenShift Container Platform 3.11 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Container Platform release 3.11.146 is now available with\nupdates to packages and images that fix several bugs.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.146. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2019:2824\n\nThis update fixes the following bugs: \n\n* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)\n\n* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)\n\n* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)\n\n* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)\n\n* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)\n\n* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)\n\n* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)\n\n* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2019:2816", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { category: "external", summary: "1432875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1432875", }, { category: "external", summary: "1641647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1641647", }, { category: "external", summary: "1661447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1661447", }, { category: "external", summary: "1703777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1703777", }, { category: "external", summary: "1720172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1720172", }, { category: "external", summary: "1733327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733327", }, { category: "external", summary: "1733429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1733429", }, { category: "external", summary: "1734009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1734009", }, { category: "external", summary: "1735502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735502", }, { category: "external", summary: "1741477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1741477", }, { category: "external", summary: "1743950", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743950", }, { category: "external", summary: "1746212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746212", }, { category: "external", summary: "1748982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1748982", }, { category: "external", summary: "1749024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749024", }, { category: "external", summary: "1749341", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1749341", }, { category: "external", summary: "1752853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1752853", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_2816.json", }, ], title: "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update", tracking: { current_release_date: "2024-11-22T13:43:43+00:00", generator: { date: "2024-11-22T13:43:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2019:2816", initial_release_date: "2019-09-24T12:31:29+00:00", revision_history: [ { date: "2019-09-24T12:31:29+00:00", number: "1", summary: "Initial version", }, { date: "2019-09-24T12:31:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T13:43:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.11", product: { name: "Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.11::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_id: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-0:5.6.16-2.el7.ppc64le", product_id: "kibana-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_id: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_id: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_id: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_id: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_id: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_id: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_id: "ansible-service-broker-1:1.3.23-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.x86_64", product: { name: "kibana-0:5.6.16-2.el7.x86_64", product_id: "kibana-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_id: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_id: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_id: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_id: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_id: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_id: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_id: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_id: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_id: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_id: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.146-1.git.1.51554ba.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_id: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.146-1.git.1.0e18774.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.src", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.src", product_id: "jenkins-0:2.176.3.1568230481-1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_id: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_id: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-1:1.3.23-2.el7.src", product: { name: "ansible-service-broker-1:1.3.23-2.el7.src", product_id: "ansible-service-broker-1:1.3.23-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.src", product: { name: "python-elasticsearch-1:5.4.0-2.el7.src", product_id: "python-elasticsearch-1:5.4.0-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "kibana-0:5.6.16-2.el7.src", product: { name: "kibana-0:5.6.16-2.el7.src", product_id: "kibana-0:5.6.16-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_id: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_id: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_id: "jenkins-0:2.176.3.1568230481-1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_id: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_id: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/automation-broker-apb-role@1.3.23-2.el7?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_id: "python-elasticsearch-1:5.4.0-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-1:1.3.23-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", }, product_reference: "ansible-service-broker-1:1.3.23-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", }, product_reference: "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", }, product_reference: "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", }, product_reference: "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", }, product_reference: "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "automation-broker-apb-role-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", }, product_reference: "automation-broker-apb-role-1:1.3.23-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.176.3.1568230481-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", }, product_reference: "jenkins-0:2.176.3.1568230481-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", }, product_reference: "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", }, product_reference: "kibana-0:5.6.16-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "kibana-debuginfo-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", }, product_reference: "kibana-debuginfo-0:5.6.16-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", }, product_reference: "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", }, product_reference: "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", }, product_reference: "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, { category: "default_component_of", full_product_name: { name: "python-elasticsearch-1:5.4.0-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", product_id: "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", }, product_reference: "python-elasticsearch-1:5.4.0-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.11", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, { cve: "CVE-2019-11249", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2019-08-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1737651", }, ], notes: [ { category: "description", text: "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], known_not_affected: [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11249", }, { category: "external", summary: "RHBZ#1737651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11249", url: "https://www.cve.org/CVERecord?id=CVE-2019-11249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-09-24T12:31:29+00:00", details: "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", product_ids: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2019:2816", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", }, ], }
rhsa-2019:2769
Vulnerability from csaf_redhat
Published
2019-10-24 21:31
Modified
2025-03-15 19:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An security update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for Red Hat OpenShift Container
Platform 3.9, which have been rebuilt with an updated version of golang.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An security update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for Red Hat OpenShift Container\nPlatform 3.9, which have been rebuilt with an updated version of golang.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2769", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2769.json", }, ], title: "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update", tracking: { current_release_date: "2025-03-15T19:44:42+00:00", generator: { date: "2025-03-15T19:44:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2769", initial_release_date: "2019-10-24T21:31:32+00:00", revision_history: [ { date: "2019-10-24T21:31:32+00:00", number: "1", summary: "Initial version", }, { date: "2019-10-24T21:31:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T19:44:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Container Platform 3.9", product: { name: "Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:3.9::el7", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_id: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o-debuginfo@1.9.16-3.git858756d.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_id: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.1-9.git78d6339.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-master@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-pod@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_id: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-tests@3.9.101-1.git.0.150f595.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_id: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.101-1.git.1.13625cf.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_id: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-node-exporter@3.9.101-1.git.1.8295224.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=x86_64", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_id: "ansible-service-broker-0:1.1.20-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.x86_64", product: { name: "heapster-0:1.3.0-4.el7.x86_64", product_id: "heapster-0:1.3.0-4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_id: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.1-3.git5bd9251.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_id: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_id: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins-debuginfo@0.5.2-6.el7?arch=x86_64", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_id: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-promu@0-5.git85ceabc.el7?arch=x86_64", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.x86_64", product: { name: "image-inspector-0:2.1.3-2.el7.x86_64", product_id: "image-inspector-0:2.1.3-2.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=x86_64", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=x86_64", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_id: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=x86_64", }, }, }, { category: "product_version", name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_id: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/prometheus@2.2.1-2.gitbc6058c.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-kubernetes@195-2.rhaos.el7?arch=x86_64", }, }, }, { category: "product_version", name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_id: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit-debuginfo@195-2.rhaos.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "cri-o-0:1.9.16-3.git858756d.el7.src", product: { name: "cri-o-0:1.9.16-3.git858756d.el7.src", product_id: "cri-o-0:1.9.16-3.git858756d.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_id: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_id: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-external-storage@0.0.1-9.git78d6339.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_id: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_id: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_id: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.101-1.git.1.8295224.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_id: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=src", }, }, }, { category: "product_version", name: "ansible-service-broker-0:1.1.20-2.el7.src", product: { name: "ansible-service-broker-0:1.1.20-2.el7.src", product_id: "ansible-service-broker-0:1.1.20-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=src", }, }, }, { category: "product_version", name: "heapster-0:1.3.0-4.el7.src", product: { name: "heapster-0:1.3.0-4.el7.src", product_id: "heapster-0:1.3.0-4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=src", }, }, }, { category: "product_version", name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_id: "hawkular-openshift-agent-0:1.2.2-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_id: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=src", }, }, }, { category: "product_version", name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_id: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=src", }, }, }, { category: "product_version", name: "containernetworking-plugins-0:0.5.2-6.el7.src", product: { name: "containernetworking-plugins-0:0.5.2-6.el7.src", product_id: "containernetworking-plugins-0:0.5.2-6.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_id: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=src", }, }, }, { category: "product_version", name: "image-inspector-0:2.1.3-2.el7.src", product: { name: "image-inspector-0:2.1.3-2.el7.src", product_id: "image-inspector-0:2.1.3-2.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=src", }, }, }, { category: "product_version", name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_id: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=src", }, }, }, { category: "product_version", name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_id: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_id: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=src", }, }, }, { category: "product_version", name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_id: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_id: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=src", }, }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_id: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-2.gitbc6058c.el7?arch=src", }, }, }, { category: "product_version", name: "cockpit-0:195-2.rhaos.el7.src", product: { name: "cockpit-0:195-2.rhaos.el7.src", product_id: "cockpit-0:195-2.rhaos.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/cockpit@195-2.rhaos.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_id: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/atomic-openshift-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.20-2.el7?arch=noarch", }, }, }, { category: "product_version", name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_id: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.20-2.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-0:1.1.20-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", }, product_reference: "ansible-service-broker-0:1.1.20-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", }, product_reference: "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", }, product_reference: "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", }, product_reference: "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", }, product_reference: "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", }, product_reference: "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", }, product_reference: "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", }, product_reference: "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-0:195-2.rhaos.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", }, product_reference: "cockpit-0:195-2.rhaos.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", }, product_reference: "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", }, product_reference: "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", }, product_reference: "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", }, product_reference: "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", }, product_reference: "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", }, product_reference: "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", }, product_reference: "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", }, product_reference: "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", }, product_reference: "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", }, product_reference: "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", }, product_reference: "heapster-0:1.3.0-4.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "heapster-0:1.3.0-4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", }, product_reference: "heapster-0:1.3.0-4.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", }, product_reference: "image-inspector-0:2.1.3-2.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "image-inspector-0:2.1.3-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", }, product_reference: "image-inspector-0:2.1.3-2.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", }, product_reference: "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", }, product_reference: "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", }, product_reference: "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", }, product_reference: "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", }, product_reference: "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", }, product_reference: "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", }, product_reference: "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", }, product_reference: "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, { category: "default_component_of", full_product_name: { name: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", product_id: "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", }, product_reference: "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", relates_to_product_reference: "7Server-RH7-RHOSE-3.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9512", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735645", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using PING frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "RHBZ#1735645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9512", url: "https://www.cve.org/CVERecord?id=CVE-2019-9512", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using PING frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Envoy security team", ], }, ], cve: "CVE-2019-9514", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1735744", }, ], notes: [ { category: "description", text: "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", title: "Vulnerability summary", }, { category: "other", text: "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-9514", }, { category: "external", summary: "RHBZ#1735744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-9514", url: "https://www.cve.org/CVERecord?id=CVE-2019-9514", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", }, { category: "external", summary: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", url: "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", url: "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", }, { category: "external", summary: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", url: "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", }, { category: "external", summary: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", url: "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", }, ], release_date: "2019-08-13T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "HTTP/2: flood using HEADERS frames results in unbounded memory growth", }, { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, ], cve: "CVE-2019-11247", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2019-07-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1732192", }, ], notes: [ { category: "description", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "RHBZ#1732192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1732192", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11247", url: "https://www.cve.org/CVERecord?id=CVE-2019-11247", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { category: "external", summary: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", url: "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", }, ], release_date: "2019-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-10-24T21:31:32+00:00", details: "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", product_ids: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", }, ], }
fkie_cve-2019-11247
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.12.11 | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "A582FE75-D84B-4C8F-B836-95FB15F68EBA", versionEndIncluding: "1.12.10", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "14126DA1-4F03-43D3-BD14-0BE06EC8F4E5", versionEndExcluding: "1.13.9", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "E10D117F-F0C4-4355-98E3-BB4A401258DE", versionEndExcluding: "1.14.5", versionStartIncluding: "1.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6", versionEndExcluding: "1.15.2", versionStartIncluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*", matchCriteriaId: "3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", matchCriteriaId: "309CB6F8-F178-454C-BE97-787F78647C28", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", matchCriteriaId: "4DBCD38F-BBE8-488C-A8C3-5782F191D915", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, { lang: "es", value: "El kube-apiserver de Kubernetes permite por error el acceso a un recurso personalizado de ámbito de clúster si la solicitud se realiza como si el recurso estuviera con espacio de nombres. Las autorizaciones para el recurso al que se tiene acceso de esta manera se aplican mediante roles y enlaces de roles dentro del espacio de nombres, lo que significa que un usuario con acceso solo a un recurso en un espacio de nombres podría crear, ver actualizar o eliminar el recurso de ámbito de clúster (según sus privilegios de rol de espacio de nombres). Las versiones afectadas de Kubernetes incluyen versiones anteriores a 1.13.9, versiones anteriores a 1.14.5, versiones anteriores a 1.15.2 y versiones 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, ], id: "CVE-2019-11247", lastModified: "2024-11-21T04:20:47.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "jordan@liggitt.net", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-29T01:15:11.287", references: [ { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-fp37-c92q-4pwq
Vulnerability from github
Published
2022-05-24 16:55
Modified
2023-09-25 19:56
Severity ?
Summary
Kubernetes kube-apiserver unauthorized access
Details
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
{ affected: [ { package: { ecosystem: "Go", name: "k8s.io/apiextensions-apiserver", }, ranges: [ { events: [ { introduced: "0.7.0", }, { fixed: "0.13.9", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "k8s.io/apiextensions-apiserver", }, ranges: [ { events: [ { introduced: "0.14.0", }, { fixed: "0.14.5", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "k8s.io/apiextensions-apiserver", }, ranges: [ { events: [ { introduced: "0.15.0", }, { fixed: "0.15.2", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2019-11247", ], database_specific: { cwe_ids: [ "CWE-863", ], github_reviewed: true, github_reviewed_at: "2023-07-17T23:39:36Z", nvd_published_at: "2019-08-29T01:15:00Z", severity: "HIGH", }, details: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", id: "GHSA-fp37-c92q-4pwq", modified: "2023-09-25T19:56:20Z", published: "2022-05-24T16:55:06Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/pull/80750", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/pull/80850", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/pull/80851", }, { type: "WEB", url: "https://github.com/kubernetes/kubernetes/pull/80852", }, { type: "WEB", url: "https://github.com/kubernetes/apiextensions-apiserver/commit/b9b7d2b3f32f8edbeb47b8726710eeb868bce196", }, { type: "WEB", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { type: "WEB", url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, { type: "PACKAGE", url: "https://github.com/kubernetes/apiextensions-apiserver", }, { type: "WEB", url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20190919-0003", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Kubernetes kube-apiserver unauthorized access", }
gsd-2019-11247
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-11247", description: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", id: "GSD-2019-11247", references: [ "https://www.suse.com/security/cve/CVE-2019-11247.html", "https://access.redhat.com/errata/RHBA-2019:2816", "https://access.redhat.com/errata/RHSA-2019:2769", "https://access.redhat.com/errata/RHSA-2019:2690", "https://access.redhat.com/errata/RHSA-2019:2504", "https://linux.oracle.com/cve/CVE-2019-11247.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-11247", ], details: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", id: "GSD-2019-11247", modified: "2023-12-13T01:24:02.652470Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { AKA: "", ASSIGNER: "security@kubernetes.io", DATE_PUBLIC: "2019-08-05", ID: "CVE-2019-11247", STATE: "PUBLIC", TITLE: "Kubernetes kube-apiserver allows access to custom resources via wrong scope", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubernetes", version: { version_data: [ { version_value: "prior to 1.13.9", }, { version_value: "prior to 1.14.5", }, { version_value: "prior to 1.15.2", }, { version_value: "1.7", }, { version_value: "1.8", }, { version_value: "1.9", }, { version_value: "1.10", }, { version_value: "1.11", }, { version_value: "1.12", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, configuration: [], credit: [ { lang: "eng", value: "Prabu Shyam, Verizon Media", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, ], }, exploit: [], generator: { engine: "Vulnogram 0.0.7", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubernetes/kubernetes/issues/80983", refsource: "CONFIRM", url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { name: "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", refsource: "MLIST", url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { name: "RHSA-2019:2690", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { name: "https://security.netapp.com/advisory/ntap-20190919-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { name: "RHBA-2019:2816", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { name: "RHBA-2019:2824", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { name: "RHSA-2019:2769", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], }, solution: [], source: { advisory: "", defect: [ "https://github.com/kubernetes/kubernetes/issues/80983", ], discovery: "USER", }, work_around: [ { lang: "eng", value: "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources.", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12.10", versionStartIncluding: "1.7.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.13.9", versionStartIncluding: "1.13.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.15.2", versionStartIncluding: "1.15.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.14.5", versionStartIncluding: "1.14.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@kubernetes.io", ID: "CVE-2019-11247", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-863", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubernetes/kubernetes/issues/80983", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/issues/80983", }, { name: "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", refsource: "MLIST", tags: [ "Third Party Advisory", ], url: "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", }, { name: "RHSA-2019:2690", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2690", }, { name: "https://security.netapp.com/advisory/ntap-20190919-0003/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0003/", }, { name: "RHBA-2019:2816", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2816", }, { name: "RHBA-2019:2824", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:2824", }, { name: "RHSA-2019:2769", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2769", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, }, }, lastModifiedDate: "2020-10-02T16:21Z", publishedDate: "2019-08-29T01:15Z", }, }, }
opensuse-su-2024:10901-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
kubernetes-apiserver-1.22.2-21.2 on GA media
Notes
Title of the patch
kubernetes-apiserver-1.22.2-21.2 on GA media
Description of the patch
These are all security issues fixed in the kubernetes-apiserver-1.22.2-21.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10901
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "kubernetes-apiserver-1.22.2-21.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the kubernetes-apiserver-1.22.2-21.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10901", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10901-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-5195 page", url: "https://www.suse.com/security/cve/CVE-2016-5195/", }, { category: "self", summary: "SUSE CVE CVE-2016-8859 page", url: "https://www.suse.com/security/cve/CVE-2016-8859/", }, { category: "self", summary: "SUSE CVE CVE-2017-1002101 page", url: "https://www.suse.com/security/cve/CVE-2017-1002101/", }, { category: "self", summary: "SUSE CVE CVE-2018-1002105 page", url: "https://www.suse.com/security/cve/CVE-2018-1002105/", }, { category: "self", summary: "SUSE CVE CVE-2019-11247 page", url: "https://www.suse.com/security/cve/CVE-2019-11247/", }, { category: "self", summary: "SUSE CVE CVE-2019-11249 page", url: "https://www.suse.com/security/cve/CVE-2019-11249/", }, { category: "self", summary: "SUSE CVE CVE-2019-11253 page", url: "https://www.suse.com/security/cve/CVE-2019-11253/", }, { category: "self", summary: "SUSE CVE CVE-2019-9512 page", url: "https://www.suse.com/security/cve/CVE-2019-9512/", }, ], title: "kubernetes-apiserver-1.22.2-21.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10901-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kubernetes-apiserver-1.22.2-21.2.aarch64", product: { name: "kubernetes-apiserver-1.22.2-21.2.aarch64", product_id: "kubernetes-apiserver-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", product: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", product_id: "kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-client-1.22.2-21.2.aarch64", product: { name: "kubernetes-client-1.22.2-21.2.aarch64", product_id: "kubernetes-client-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-controller-manager-1.22.2-21.2.aarch64", product: { name: "kubernetes-controller-manager-1.22.2-21.2.aarch64", product_id: "kubernetes-controller-manager-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", product: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", product_id: "kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-coredns-1.8.4-21.2.aarch64", product: { name: "kubernetes-coredns-1.8.4-21.2.aarch64", product_id: "kubernetes-coredns-1.8.4-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-coredns-minus1-1.8.0-21.2.aarch64", product: { name: "kubernetes-coredns-minus1-1.8.0-21.2.aarch64", product_id: "kubernetes-coredns-minus1-1.8.0-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-etcd-3.5.0-21.2.aarch64", product: { name: "kubernetes-etcd-3.5.0-21.2.aarch64", product_id: "kubernetes-etcd-3.5.0-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-etcd-minus1-3.4.13-21.2.aarch64", product: { name: "kubernetes-etcd-minus1-3.4.13-21.2.aarch64", product_id: "kubernetes-etcd-minus1-3.4.13-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-kubeadm-1.22.2-21.2.aarch64", product: { name: "kubernetes-kubeadm-1.22.2-21.2.aarch64", product_id: "kubernetes-kubeadm-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-kubelet-1.22.2-21.2.aarch64", product: { name: "kubernetes-kubelet-1.22.2-21.2.aarch64", product_id: "kubernetes-kubelet-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-proxy-1.22.2-21.2.aarch64", product: { name: "kubernetes-proxy-1.22.2-21.2.aarch64", product_id: "kubernetes-proxy-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-proxy-minus1-1.21.5-21.2.aarch64", product: { name: "kubernetes-proxy-minus1-1.21.5-21.2.aarch64", product_id: "kubernetes-proxy-minus1-1.21.5-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-scheduler-1.22.2-21.2.aarch64", product: { name: "kubernetes-scheduler-1.22.2-21.2.aarch64", product_id: "kubernetes-scheduler-1.22.2-21.2.aarch64", }, }, { category: "product_version", name: "kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", product: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", product_id: "kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "kubernetes-apiserver-1.22.2-21.2.ppc64le", product: { name: "kubernetes-apiserver-1.22.2-21.2.ppc64le", product_id: "kubernetes-apiserver-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", product: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", product_id: "kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-client-1.22.2-21.2.ppc64le", product: { name: "kubernetes-client-1.22.2-21.2.ppc64le", product_id: "kubernetes-client-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-controller-manager-1.22.2-21.2.ppc64le", product: { name: "kubernetes-controller-manager-1.22.2-21.2.ppc64le", product_id: "kubernetes-controller-manager-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", product: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", product_id: "kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-coredns-1.8.4-21.2.ppc64le", product: { name: "kubernetes-coredns-1.8.4-21.2.ppc64le", product_id: "kubernetes-coredns-1.8.4-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", product: { name: "kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", product_id: "kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-etcd-3.5.0-21.2.ppc64le", product: { name: "kubernetes-etcd-3.5.0-21.2.ppc64le", product_id: "kubernetes-etcd-3.5.0-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", product: { name: "kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", product_id: "kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-kubeadm-1.22.2-21.2.ppc64le", product: { name: "kubernetes-kubeadm-1.22.2-21.2.ppc64le", product_id: "kubernetes-kubeadm-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-kubelet-1.22.2-21.2.ppc64le", product: { name: "kubernetes-kubelet-1.22.2-21.2.ppc64le", product_id: "kubernetes-kubelet-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-proxy-1.22.2-21.2.ppc64le", product: { name: "kubernetes-proxy-1.22.2-21.2.ppc64le", product_id: "kubernetes-proxy-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", product: { name: "kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", product_id: "kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-scheduler-1.22.2-21.2.ppc64le", product: { name: "kubernetes-scheduler-1.22.2-21.2.ppc64le", product_id: "kubernetes-scheduler-1.22.2-21.2.ppc64le", }, }, { category: "product_version", name: "kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", product: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", product_id: "kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "kubernetes-apiserver-1.22.2-21.2.s390x", product: { name: "kubernetes-apiserver-1.22.2-21.2.s390x", product_id: "kubernetes-apiserver-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-apiserver-minus1-1.21.5-21.2.s390x", product: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.s390x", product_id: "kubernetes-apiserver-minus1-1.21.5-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-client-1.22.2-21.2.s390x", product: { name: "kubernetes-client-1.22.2-21.2.s390x", product_id: "kubernetes-client-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-controller-manager-1.22.2-21.2.s390x", product: { name: "kubernetes-controller-manager-1.22.2-21.2.s390x", product_id: "kubernetes-controller-manager-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", product: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", product_id: "kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-coredns-1.8.4-21.2.s390x", product: { name: "kubernetes-coredns-1.8.4-21.2.s390x", product_id: "kubernetes-coredns-1.8.4-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-coredns-minus1-1.8.0-21.2.s390x", product: { name: "kubernetes-coredns-minus1-1.8.0-21.2.s390x", product_id: "kubernetes-coredns-minus1-1.8.0-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-etcd-3.5.0-21.2.s390x", product: { name: "kubernetes-etcd-3.5.0-21.2.s390x", product_id: "kubernetes-etcd-3.5.0-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-etcd-minus1-3.4.13-21.2.s390x", product: { name: "kubernetes-etcd-minus1-3.4.13-21.2.s390x", product_id: "kubernetes-etcd-minus1-3.4.13-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-kubeadm-1.22.2-21.2.s390x", product: { name: "kubernetes-kubeadm-1.22.2-21.2.s390x", product_id: "kubernetes-kubeadm-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-kubelet-1.22.2-21.2.s390x", product: { name: "kubernetes-kubelet-1.22.2-21.2.s390x", product_id: "kubernetes-kubelet-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-proxy-1.22.2-21.2.s390x", product: { name: "kubernetes-proxy-1.22.2-21.2.s390x", product_id: "kubernetes-proxy-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-proxy-minus1-1.21.5-21.2.s390x", product: { name: "kubernetes-proxy-minus1-1.21.5-21.2.s390x", product_id: "kubernetes-proxy-minus1-1.21.5-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-scheduler-1.22.2-21.2.s390x", product: { name: "kubernetes-scheduler-1.22.2-21.2.s390x", product_id: "kubernetes-scheduler-1.22.2-21.2.s390x", }, }, { category: "product_version", name: "kubernetes-scheduler-minus1-1.21.5-21.2.s390x", product: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.s390x", product_id: "kubernetes-scheduler-minus1-1.21.5-21.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "kubernetes-apiserver-1.22.2-21.2.x86_64", product: { name: "kubernetes-apiserver-1.22.2-21.2.x86_64", product_id: "kubernetes-apiserver-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", product: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", product_id: "kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-client-1.22.2-21.2.x86_64", product: { name: "kubernetes-client-1.22.2-21.2.x86_64", product_id: "kubernetes-client-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-controller-manager-1.22.2-21.2.x86_64", product: { name: "kubernetes-controller-manager-1.22.2-21.2.x86_64", product_id: "kubernetes-controller-manager-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", product: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", product_id: "kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-coredns-1.8.4-21.2.x86_64", product: { name: "kubernetes-coredns-1.8.4-21.2.x86_64", product_id: "kubernetes-coredns-1.8.4-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-coredns-minus1-1.8.0-21.2.x86_64", product: { name: "kubernetes-coredns-minus1-1.8.0-21.2.x86_64", product_id: "kubernetes-coredns-minus1-1.8.0-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-etcd-3.5.0-21.2.x86_64", product: { name: "kubernetes-etcd-3.5.0-21.2.x86_64", product_id: "kubernetes-etcd-3.5.0-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-etcd-minus1-3.4.13-21.2.x86_64", product: { name: "kubernetes-etcd-minus1-3.4.13-21.2.x86_64", product_id: "kubernetes-etcd-minus1-3.4.13-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-kubeadm-1.22.2-21.2.x86_64", product: { name: "kubernetes-kubeadm-1.22.2-21.2.x86_64", product_id: "kubernetes-kubeadm-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-kubelet-1.22.2-21.2.x86_64", product: { name: "kubernetes-kubelet-1.22.2-21.2.x86_64", product_id: "kubernetes-kubelet-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-proxy-1.22.2-21.2.x86_64", product: { name: "kubernetes-proxy-1.22.2-21.2.x86_64", product_id: "kubernetes-proxy-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-proxy-minus1-1.21.5-21.2.x86_64", product: { name: "kubernetes-proxy-minus1-1.21.5-21.2.x86_64", product_id: "kubernetes-proxy-minus1-1.21.5-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-scheduler-1.22.2-21.2.x86_64", product: { name: "kubernetes-scheduler-1.22.2-21.2.x86_64", product_id: "kubernetes-scheduler-1.22.2-21.2.x86_64", }, }, { category: "product_version", name: "kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", product: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", product_id: "kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-apiserver-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-apiserver-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", }, product_reference: "kubernetes-apiserver-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-apiserver-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", }, product_reference: "kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", }, product_reference: "kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", }, product_reference: "kubernetes-apiserver-minus1-1.21.5-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-apiserver-minus1-1.21.5-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", }, product_reference: "kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-client-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-client-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-client-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-client-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-client-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", }, product_reference: "kubernetes-client-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-client-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-client-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-controller-manager-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-controller-manager-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", }, product_reference: "kubernetes-controller-manager-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-controller-manager-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", }, product_reference: "kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", }, product_reference: "kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", }, product_reference: "kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", }, product_reference: "kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-1.8.4-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", }, product_reference: "kubernetes-coredns-1.8.4-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-1.8.4-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", }, product_reference: "kubernetes-coredns-1.8.4-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-1.8.4-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", }, product_reference: "kubernetes-coredns-1.8.4-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-1.8.4-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", }, product_reference: "kubernetes-coredns-1.8.4-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-minus1-1.8.0-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", }, product_reference: "kubernetes-coredns-minus1-1.8.0-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-minus1-1.8.0-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", }, product_reference: "kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-minus1-1.8.0-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", }, product_reference: "kubernetes-coredns-minus1-1.8.0-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-coredns-minus1-1.8.0-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", }, product_reference: "kubernetes-coredns-minus1-1.8.0-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-3.5.0-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", }, product_reference: "kubernetes-etcd-3.5.0-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-3.5.0-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", }, product_reference: "kubernetes-etcd-3.5.0-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-3.5.0-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", }, product_reference: "kubernetes-etcd-3.5.0-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-3.5.0-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", }, product_reference: "kubernetes-etcd-3.5.0-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-minus1-3.4.13-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", }, product_reference: "kubernetes-etcd-minus1-3.4.13-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-minus1-3.4.13-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", }, product_reference: "kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-minus1-3.4.13-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", }, product_reference: "kubernetes-etcd-minus1-3.4.13-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-etcd-minus1-3.4.13-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", }, product_reference: "kubernetes-etcd-minus1-3.4.13-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubeadm-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-kubeadm-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubeadm-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-kubeadm-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubeadm-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", }, product_reference: "kubernetes-kubeadm-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubeadm-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-kubeadm-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubelet-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-kubelet-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubelet-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-kubelet-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubelet-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", }, product_reference: "kubernetes-kubelet-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-kubelet-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-kubelet-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-proxy-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-proxy-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", }, product_reference: "kubernetes-proxy-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-proxy-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-minus1-1.21.5-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", }, product_reference: "kubernetes-proxy-minus1-1.21.5-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-minus1-1.21.5-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", }, product_reference: "kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-minus1-1.21.5-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", }, product_reference: "kubernetes-proxy-minus1-1.21.5-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-proxy-minus1-1.21.5-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", }, product_reference: "kubernetes-proxy-minus1-1.21.5-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-1.22.2-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", }, product_reference: "kubernetes-scheduler-1.22.2-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-1.22.2-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", }, product_reference: "kubernetes-scheduler-1.22.2-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-1.22.2-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", }, product_reference: "kubernetes-scheduler-1.22.2-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-1.22.2-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", }, product_reference: "kubernetes-scheduler-1.22.2-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", }, product_reference: "kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", }, product_reference: "kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", }, product_reference: "kubernetes-scheduler-minus1-1.21.5-21.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "kubernetes-scheduler-minus1-1.21.5-21.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", }, product_reference: "kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5195", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5195", }, ], notes: [ { category: "general", text: "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5195", url: "https://www.suse.com/security/cve/CVE-2016-5195", }, { category: "external", summary: "SUSE Bug 1004418 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004418", }, { category: "external", summary: "SUSE Bug 1004419 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004419", }, { category: "external", summary: "SUSE Bug 1004436 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004436", }, { category: "external", summary: "SUSE Bug 1006323 for CVE-2016-5195", url: "https://bugzilla.suse.com/1006323", }, { category: "external", summary: "SUSE Bug 1006695 for CVE-2016-5195", url: "https://bugzilla.suse.com/1006695", }, { category: "external", summary: "SUSE Bug 1007291 for CVE-2016-5195", url: "https://bugzilla.suse.com/1007291", }, { category: "external", summary: "SUSE Bug 1008110 for CVE-2016-5195", url: "https://bugzilla.suse.com/1008110", }, { category: "external", summary: "SUSE Bug 1030118 for CVE-2016-5195", url: "https://bugzilla.suse.com/1030118", }, { category: "external", summary: "SUSE Bug 1046453 for CVE-2016-5195", url: "https://bugzilla.suse.com/1046453", }, { category: "external", summary: "SUSE Bug 1069496 for CVE-2016-5195", url: "https://bugzilla.suse.com/1069496", }, { category: "external", summary: "SUSE Bug 1149725 for CVE-2016-5195", url: "https://bugzilla.suse.com/1149725", }, { category: "external", summary: "SUSE Bug 870618 for CVE-2016-5195", url: "https://bugzilla.suse.com/870618", }, { category: "external", summary: "SUSE Bug 986445 for CVE-2016-5195", url: "https://bugzilla.suse.com/986445", }, { category: "external", summary: "SUSE Bug 998689 for CVE-2016-5195", url: "https://bugzilla.suse.com/998689", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5195", }, { cve: "CVE-2016-8859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8859", }, ], notes: [ { category: "general", text: "Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8859", url: "https://www.suse.com/security/cve/CVE-2016-8859", }, { category: "external", summary: "SUSE Bug 1005483 for CVE-2016-8859", url: "https://bugzilla.suse.com/1005483", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8859", }, { cve: "CVE-2017-1002101", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1002101", }, ], notes: [ { category: "general", text: "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1002101", url: "https://www.suse.com/security/cve/CVE-2017-1002101", }, { category: "external", summary: "SUSE Bug 1084923 for CVE-2017-1002101", url: "https://bugzilla.suse.com/1084923", }, { category: "external", summary: "SUSE Bug 1085007 for CVE-2017-1002101", url: "https://bugzilla.suse.com/1085007", }, { category: "external", summary: "SUSE Bug 1085009 for CVE-2017-1002101", url: "https://bugzilla.suse.com/1085009", }, { category: "external", summary: "SUSE Bug 1096726 for CVE-2017-1002101", url: "https://bugzilla.suse.com/1096726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-1002101", }, { cve: "CVE-2018-1002105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1002105", }, ], notes: [ { category: "general", text: "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1002105", url: "https://www.suse.com/security/cve/CVE-2018-1002105", }, { category: "external", summary: "SUSE Bug 1118198 for CVE-2018-1002105", url: "https://bugzilla.suse.com/1118198", }, { category: "external", summary: "SUSE Bug 1118260 for CVE-2018-1002105", url: "https://bugzilla.suse.com/1118260", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-1002105", }, { cve: "CVE-2019-11247", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11247", }, ], notes: [ { category: "general", text: "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11247", url: "https://www.suse.com/security/cve/CVE-2019-11247", }, { category: "external", summary: "SUSE Bug 1142423 for CVE-2019-11247", url: "https://bugzilla.suse.com/1142423", }, { category: "external", summary: "SUSE Bug 1142434 for CVE-2019-11247", url: "https://bugzilla.suse.com/1142434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11247", }, { cve: "CVE-2019-11249", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11249", }, ], notes: [ { category: "general", text: "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11249", url: "https://www.suse.com/security/cve/CVE-2019-11249", }, { category: "external", summary: "SUSE Bug 1144507 for CVE-2019-11249", url: "https://bugzilla.suse.com/1144507", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11249", }, { cve: "CVE-2019-11253", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11253", }, ], notes: [ { category: "general", text: "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11253", url: "https://www.suse.com/security/cve/CVE-2019-11253", }, { category: "external", summary: "SUSE Bug 1152861 for CVE-2019-11253", url: "https://bugzilla.suse.com/1152861", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11253", }, { cve: "CVE-2019-9512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-9512", }, ], notes: [ { category: "general", text: "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-9512", url: "https://www.suse.com/security/cve/CVE-2019-9512", }, { category: "external", summary: "SUSE Bug 1145663 for CVE-2019-9512", url: "https://bugzilla.suse.com/1145663", }, { category: "external", summary: "SUSE Bug 1146099 for CVE-2019-9512", url: "https://bugzilla.suse.com/1146099", }, { category: "external", summary: "SUSE Bug 1146111 for CVE-2019-9512", url: "https://bugzilla.suse.com/1146111", }, { category: "external", summary: "SUSE Bug 1147142 for CVE-2019-9512", url: "https://bugzilla.suse.com/1147142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.s390x", "openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2.x86_64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.aarch64", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.ppc64le", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.s390x", "openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-9512", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.